Bugtraq mailing list archives

Re: FreeBSD 4.3 local root


From: Foldi Tamas <crow () kapu hu>
Date: 13 Jul 2001 13:39:02 +0200


A quick workaround is to limit arguments and environment, and to filter
non-ASCII characters:

http://www.frasunek.com/sources/security/rexec/

This workaround is not complete, because it doesn't protect against
exploitation of the bug. For example, the attacker can send the shellcode
via stdin to the suid program. Its address can also be determined by
removing the suid bit from the program and tracing it as non-root.

What's your opinion? 

(BTW, rexec is generally a good idea, we like it)

Best regards,
Megyer Ur (lez), Foldi Ur

-- 
. . _ __ ______________________________________________________ __ _ . .
Foldi Tamas - We Are The Hashmark In The Rootshell - Security Consultant
   crow () kapu hu - PGP: finger://crow () thot banki hu - (+3630) 221-7477 
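
The kind of pre-exec check the workaround above describes (limit arguments and environment, reject non-ASCII bytes), as an added example; this is not rexec's code and not part of the original message. The limits, names and sample vectors are assumptions made for illustration. As the reply points out, a check like this sees only argv and envp, not data the program later reads from stdin.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed limits for illustration; not taken from rexec. */
#define MAX_ENTRIES 64
#define MAX_LEN     256

enum check_result { CHECK_OK = 0, CHECK_TOO_MANY, CHECK_TOO_LONG, CHECK_NON_ASCII };

/* Validate one NULL-terminated string vector (argv or envp). */
static enum check_result check_vector(char *const vec[])
{
    size_t i, j;
    if (vec == NULL)
        return CHECK_OK;
    for (i = 0; vec[i] != NULL; i++) {
        if (i >= MAX_ENTRIES)
            return CHECK_TOO_MANY;
        for (j = 0; vec[i][j] != '\0'; j++) {
            unsigned char c = (unsigned char)vec[i][j];
            if (j >= MAX_LEN)
                return CHECK_TOO_LONG;
            /* Allow printable ASCII and tab only. */
            if ((c < 0x20 && c != '\t') || c > 0x7e)
                return CHECK_NON_ASCII;
        }
    }
    return CHECK_OK;
}

/* Check both vectors before exec of a set-uid program.
 * Input arriving later on stdin or other descriptors is NOT covered. */
enum check_result check_exec_input(char *const argv[], char *const envp[])
{
    enum check_result r = check_vector(argv);
    return r != CHECK_OK ? r : check_vector(envp);
}

/* Constructed sample inputs. */
static char *const ok_argv[]  = { "prog", "-v", NULL };
static char *const ok_envp[]  = { "PATH=/bin:/usr/bin", NULL };
static char *const bad_argv[] = { "prog", "caf\xc3\xa9", NULL };

int main(void)
{
    printf("clean input: %d\n", check_exec_input(ok_argv, ok_envp));
    printf("non-ASCII argument: %d\n", check_exec_input(bad_argv, ok_envp));
    return 0;
}
```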

