Bugtraq mailing list archives
Re: Vulnerability in 4.4BSD Secure Levels Implementation
From: tqbf () pobox com (tqbf () pobox com)
Date: Sun, 14 Jun 1998 03:43:02 -0500
Unless there is an application (or the system itself) that periodically checks for any change in status of a system daemon (like the change of a PID),
Watch out. You can't assume that a change of processes is detectable by a change in the PID --- if I kill off the original holder of a PID, I can claim that PID by forking until the OS re-uses it for my own process. Even if the system uses randomized PIDs (a cool idea), I will still eventually receive the one I want, and until I do (we're probably talking seconds), I can keep the service I'm backdooring running on a different PID. ----------------------------------------------------------------------------- Thomas H. Ptacek The Company Formerly Known As Secure Networks, Inc. ----------------------------------------------------------------------------- http://www.pobox.com/~tqbf "If you're so special, why aren't you dead?"
Current thread:
- Re: Full Armor.... Fool Proof etc... bugs, (continued)
- Re: Full Armor.... Fool Proof etc... bugs Joseph Gooch (Jun 13)
- Re: Full Armor.... Fool Proof etc... bugs Florian Weimer (Jun 12)
- Solaris 2.6 non-executable stacks Dax Kelson (Jun 12)
- Re: Solaris 2.6 non-executable stacks Edward S. Marshall (Jun 14)
- Re: Solaris 2.6 non-executable stacks Casper Dik (Jun 16)
- Re: Solaris 2.6 non-executable stacks Edward S. Marshall (Jun 14)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation Darren Reed (Jun 13)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation tqbf () pobox com (Jun 11)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation Niall Smart (Jun 13)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation Tim Newsham (Jun 26)
- check-ps 1.2 alpha 4 released Duncan Simpson (Jun 26)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation tqbf () pobox com (Jun 14)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation Niall Smart (Jun 28)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation Tim Newsham (Jun 28)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation Roger Harrison ? (Jun 29)
- Serious Linux 2.0.34 security problem David Luyer (Jun 30)
- Re: Serious Linux 2.0.34 security problem Jim Bourne (Jun 30)
- QPOPPER - FreBSD, BSDI/OS remote exploit MiG (Jun 30)