Bugtraq mailing list archives
Re: HP-UX setprivgrp()
From: quatrava () clipper ens fr (Dominique Quatravaux)
Date: Thu, 7 Nov 1996 22:51:54 +0100
Maybe a race condition can be won between the times the setuid bits are changed by chown().
Don't bother trying, system calls are atomic... but you can use this feature to work around filesystem quotas for example. I can't see any other evil use of this feature : I can't see why giving a file to somebody else could be harmful. Well, of course it can be done in the wrong place, so a naive user who chmoded 777 his home directory could be given a .rhosts... OTOH, does this feature allow you to do it the other way round ? Sort of things like : chown myself /etc/passwd vi /etc/passwd chown root /etc/passwd Well _that_ would be interesting enough :-).
-Ed
--
<< Tout n'y est pas parfait, mais on y honore certainement les jardiniers >>
Dominique QUATRAVAUX
(Dominique.Quatravaux () ens fr)
Current thread:
- HP-UX setprivgrp() Eduardo E. Silva (Nov 07)
- <Possible follow-ups>
- Re: HP-UX setprivgrp() Dominique Quatravaux (Nov 07)
- Re: HP-UX setprivgrp() Valdis.Kletnieks () vt edu (Nov 08)
- Bos: Firewall-1 ping bug...? Eduardo E. Silva (Nov 08)
- Re: HP-UX setprivgrp() dsiebert () icaen uiowa edu (Nov 08)
- Syslogd and Solaris 2.4 Denis Campeau (Nov 08)
- Syslogd and Solaris 2.4 Scriptors of DOOM (Nov 09)
- CIAC Bulletin H-03: HP-UX suid Vulnerabilities Bill Orvis (Nov 09)
- CIAC Bulletin F-04: HP-UX Ping Vulnerability Bill Orvis (Nov 09)
- Re: HP-UX setprivgrp() Valdis.Kletnieks () vt edu (Nov 08)