Bugtraq mailing list archives
Re: FreeBSD,rlogin and coredumps.
From: slk () LINUX1 ACM RPI EDU (Simon Karpen)
Date: Tue, 18 Feb 1997 19:59:37 -0500
The problem is not in screen; it's in the operating system. Linux is truly not vulnerable as it does not allow coredumps of setuid root programs. The BSDs (at least FreeBSD) appear to still do this for some inane reason. Even SunOS 4.x doesn't coredump setuid progs, and I wouldn't exactly call it secure. On Tue, 18 Feb 1997, Nathan Torkington wrote:
It's possible to send a signal 11 to the latest version of screen (3.7.2) and make it coredump with the master.passwd file in memory. I'm using FreeBSD 2.1.5-RELEASE.
Simon Karpen karpes () rpi edu, slk () acm rpi edu, slk () karpes stu rpi edu "Down, not Across"
Current thread:
- NT password dictionary attack., (continued)
- NT password dictionary attack. Paul Ashton (Feb 18)
- New CIFS paper up for grabs *Hobbit* (Feb 18)
- Re: screen 3.05.02 Mr. Cyb (Feb 16)
- FreeBSD,rlogin and coredumps. Roelof W Temmingh (Feb 16)
- Re: FreeBSD,rlogin and coredumps. David Greenman (Feb 16)
- Re: FreeBSD,rlogin and coredumps. Adrian Chadd (Feb 17)
- Re: FreeBSD,rlogin and coredumps. Jamshid Abedi (Feb 17)
- Re: FreeBSD,rlogin and coredumps. jamie (Feb 18)
- Re: FreeBSD,rlogin and coredumps. Nathan Torkington (Feb 18)
- Re: FreeBSD,rlogin and coredumps. Daniel O'Callaghan (Feb 18)
- Re: FreeBSD,rlogin and coredumps. Simon Karpen (Feb 18)
- Re: FreeBSD,rlogin and coredumps. Michael Lerperger (Feb 17)
- NetBIOS Auditing Tool Oliver Friedrichs (Feb 16)
- Re: IRIX: Bug in startmidi Astley Chan (Feb 09)
- Re: IRIX: Bug in startmidi Steve M. Acheson (Feb 10)