Bugtraq mailing list archives
Re: Linux: exploit for killmouse.
From: im14u2c () cegt201 bradley edu (Joe Zbiciak)
Date: Sat, 14 Dec 1996 20:05:22 -0600
And then Bo went and said something like this: |Exploit: |This can be exploited in a few similar ways. SUID shell scripts are bad... but even just non-suid shell scripts called from SUID programs that don't properly massage their environment are bad news. Which reminds me, there's a bigger hole in Doom. It doesn't drop its root permissions soon enough! The user is allowed to set a sound server in his/her .doomrc. Normally, this is set to "sndserver". Howver, this can be set to *any* program, and that program runs as root!! Doom, as with any SVGAlib program, should call vga_init() as the first line of main(). It doesn't, and that's bad. SVGAlib gets a lot of bad press because of the suid-root issue, but the real problem rests in poor coding of the client programs. I like DOOM, but it's port was sloppily done. --Joe -- :======= Joe Zbiciak =======: :- - im14u2c () bradley edu - -: "Ohm, ohm on the range, : - - - - - http: - - - - - : where the amps and inductances play..." ://ee1.bradley.edu/~im14u2c/: :======= DISCLAIMER: =======: :--- I could be wrong, ---: :======= but I'm not.=======: (731:835 2:15)
Current thread:
- Linux: exploit for killmouse. Bo (Dec 14)
- Re: Linux: exploit for killmouse. Joe Zbiciak (Dec 14)
- vixie-crontab for redhat linux Dave G. (Dec 15)
- Re: vixie-crontab for redhat linux Erik Troan (Dec 16)