Bugtraq mailing list archives

Re: local root on linux 2.2.15


From: tollef () ADD NO (Tollef Fog Heen)
Date: Fri, 16 Jun 2000 08:55:24 +0200


* der Mouse

| Does anyone else find this as ironic as I do?  Note the lack of
| checking before using the pointers returned by malloc.

ok, ok, I was lazy.  Sorry all.  Mea culpa.  I just copied code from
one of the exploits.

Fixed code:

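#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>
#include <string.h>
#include <errno.h>

int main() {
  cap_user_header_t header;
  cap_user_data_t data;
  int retval;
  int saved_errno;
  /* cap_user_header_t and cap_user_data_t are pointer types, so allocate
     the size of the structs they point to, not the size of a pointer */
  header = malloc(sizeof(*header));
  if (header == NULL) {
    printf("Out of memory\n");
    exit(1);
  }
  data = malloc(sizeof(*data));
  if (data == NULL) {
    printf("Out of memory\n");
    exit(1);
  }
  /* pid 0 means the calling process */
  header->pid = 0;
  header->version = _LINUX_CAPABILITY_VERSION;
  /* clear all three capability sets */
  data->inheritable = data->effective = data->permitted = 0;
  /* linux/capability.h declares no capset() wrapper, so use the raw syscall */
  retval = syscall(SYS_capset, header, data);
  if (retval == -1) {
    printf("%s\n", strerror(errno));
    exit(1);
  }
  /* setuid() needs CAP_SETUID to change to another uid; save errno
     before printf() can overwrite it */
  errno = 0;
  retval = setuid(1000);
  saved_errno = errno;
  printf("Setuid returns: %d\n", retval);
  printf("Strerror returns: %s\n", strerror(saved_errno));
  return 0;
}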

--
Tollef Fog Heen
This is the unix version of the LoveBug virus and in the spirit of such it
depends on the user community to propagate. Please send this message to all
of your friends and randomly delete numerous files from your system.