Bugtraq mailing list archives

Re: Vulnerability in 4.4BSD Secure Levels Implementation


From: tqbf () pobox com (tqbf () pobox com)
Date: Sun, 14 Jun 1998 03:43:02 -0500


> Unless there is an
> application (or the system itself) that periodically checks for any
> change in status of a system daemon (like the change of a PID),

Watch out. You can't assume that a change of processes is detectable by a
change in the PID --- if I kill off the original holder of a PID, I can
claim that PID by forking until the OS re-uses it for my own process. Even
if the system uses randomized PIDs (a cool idea), I will still eventually
receive the one I want, and until I do (we're probably talking seconds),
I can keep the service I'm backdooring running on a different PID.

-----------------------------------------------------------------------------
Thomas H. Ptacek          The Company Formerly Known As Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.pobox.com/~tqbf       "If you're so special, why aren't you dead?"
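
A defender-side check for the point above, as an added example that is not part of the original post: a monitor that records a daemon's kernel start time alongside its PID can tell when the same PID number is later held by a different process. It assumes the Linux /proc/<pid>/stat layout (not the 4.4BSD system under discussion); the function names and sample lines are constructed for illustration.

```python
# Added example: identify a daemon by (PID, kernel start time), not PID alone.
# Assumes the Linux /proc/<pid>/stat layout; the sample lines are constructed.
from typing import NamedTuple, Optional

# Constructed samples: same PID and name, different start time (field 22).
BASELINE_STAT = "412 (sshd) S 1 412 412 0 -1 4194560 100 0 0 0 5 3 0 0 20 0 1 0 1532 12000000 900"
REUSED_STAT = "412 (sshd) S 1 412 412 0 -1 4194560 80 0 0 0 1 1 0 0 20 0 1 0 987654 11000000 850"


class ProcIdentity(NamedTuple):
    pid: int
    comm: str
    starttime: int  # clock ticks since boot, set by the kernel at fork


def parse_stat(line: str) -> ProcIdentity:
    """Parse one /proc/<pid>/stat line into a ProcIdentity."""
    # comm is wrapped in parentheses and may itself contain spaces or ')',
    # so locate it with the first '(' and the LAST ')' instead of split().
    lpar, rpar = line.index("("), line.rindex(")")
    rest = line[rpar + 1:].split()  # rest[0] is field 3 (state)
    return ProcIdentity(int(line[:lpar]), line[lpar + 1:rpar], int(rest[22 - 3]))


def read_identity(pid: int) -> Optional[ProcIdentity]:
    """Return the identity of whatever holds pid now, or None if nothing does."""
    try:
        with open(f"/proc/{pid}/stat") as fh:
            return parse_stat(fh.read())
    except (FileNotFoundError, ProcessLookupError):
        return None


def check(baseline: ProcIdentity, current: Optional[ProcIdentity]) -> str:
    """Compare a recorded identity with what currently holds that PID."""
    if current is None or current.pid != baseline.pid:
        return "gone"
    if current.starttime != baseline.starttime:
        return "pid-reused"  # same PID number, but a different process
    if current.comm != baseline.comm:
        return "renamed"  # same process, name changed (exec or prctl)
    return "same"


if __name__ == "__main__":
    base = parse_stat(BASELINE_STAT)
    print(check(base, parse_stat(REUSED_STAT)))
```

The start time only distinguishes a reused PID; a process that calls exec keeps both its PID and its start time.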


