Bugtraq mailing list archives
Re: local root on linux 2.2.15
From: wp () ELZABSOFT PL (Wojciech Purczynski)
Date: Mon, 12 Jun 2000 15:06:18 +0200
On Thu, 8 Jun 2000, Philip Guenther wrote:
> Question: given this bug, is it now the community expectation that every program that setuids from 0 to non-zero should check for the presence of this kernel bug?
Procmail is _not_ affected by the saved UID bug because it doesn't try to drop privileges and then regain them by switching back to UID 0. However, Procmail is buggy because it tries to drop privileges using the setreuid system call, which fails with EPERM. Procmail ignores that and continues running with privileges it shouldn't have.
> The sendmail people have enhanced sendmail in just such a fashion and I'm wondering whether I, as current maintainer of procmail, should do so to procmail. Are we going to see new versions of perl, screen, xterm, nxterm, and rxvt (all of which are setuid root on the Linux system in front of me) that contain code to detect this? I suspect so, and I'll add the requisite code to procmail for the next version.
IMHO, all those setuid-root programs should be fixed if they ignore return values of system calls.
-wp
+--------------------------------------------------------------------+
| Wojciech Purczynski wp () elzabsoft pl http://www.elzabsoft.pl/~wp |
| GSM: +48604432981 Linux Administrator SMS: wp-sms () elzabsoft pl |
+------ Public GnuPG Key: http://www.elzabsoft.pl/~wp/gpg.asc ------+
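The point made in this message, as an added example that is not part of the original post nor code from procmail or sendmail: a permanent privilege drop in C that treats every failed call as fatal and then confirms that root cannot be regained. The function name drop_privileges and the usage in main() are hypothetical.

```c
/* Added example: permanent privilege drop that never ignores a failed call. */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 only if the process now runs as uid/gid
 * and can no longer become root; returns -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) {                       /* "dropping" to root is a caller bug */
        errno = EINVAL;
        return -1;
    }
    /* Supplementary groups can only be cleared while still privileged. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group first: after setuid() we would lack the right to change it. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)                 /* e.g. EPERM: must not be ignored */
        return -1;
    /* Do not trust the return value alone: confirm the resulting IDs. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    /* Regaining root must fail; success means the drop did not take. */
    if (setuid(0) == 0 || seteuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed usage: as a non-root user this is a no-op drop to self. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;   /* abort instead of continuing with unexpected privileges */
    }
    puts("privileges dropped and verified");
    return 0;
}
```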