Bugtraq mailing list archives
Re: Splitvt exploit
From: joey () KITENET NET (Joey Hess)
Date: Fri, 16 Jun 2000 16:33:23 -0700
Andrey Savochkin wrote:
+ /* Same for gid (program may be setgid utmp on some + * systems). */ + (void) setgid(getgid()); /* Run the requested program, with possible leading dash. */ execvp(((*argv[0] == '-') ? argv[0]+1 : argv[0]), argv);
I don't know what splitvt is, but shouldn't setgid go _before_ setuid call for dropping privileges?
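Review bot: the added `(void) setgid(getgid());` discards the return value, so if the group drop fails, the `execvp()` that follows still runs the requested program with the setgid group (utmp, per the comment) in effect. Check the result and exit on failure instead of casting it to void. The "Same for gid" comment also implies this call sits after the uid drop; put the group drop first, because once the process is unprivileged `setgid()` changes only the effective group ID.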
Yes it should, although in reality it's not going to change anything (splitvt has no conceivable reason to be setuid and setgid at the same time). Someone pointed that out yesterday and I've changed my patch. I guess I'll post this to bugtraq too since several people have pointed that out now.
--
see shy jo