Bugtraq mailing list archives
Re: Solaris Signals
From: Frank v Waveren <fvw () var cx>
Date: Thu, 13 Feb 2003 12:44:36 +0100
On Wed, Feb 12, 2003 at 03:21:49AM +0000, Jon Masters wrote:
> We all know that old chestnut about tracing setuid programs or scripts, but what about non-setuid scripts which have been installed for users and given execute only permission. For example, a lot of sites provide scripts for users to run which perform some admin related function and thus have usernames or passwords within them - potentially free to users.
Making programs execute-only is no security for such things unless you add a lot of weird-and-definitely-not-wonderful special cases all over the OS. Even if you stop programs from dumping core if access(executable, R_OK), you can still do LD_PRELOAD/LD_LIBRARY tricks and get access to the process' memory (or just log all library or system calls which gets you all the interesting stuff too, usually), and with a little creativity there's plenty of other ways to get around lack of read rights.

--
Frank v Waveren                                      Fingerprint: 21A7 C7F3
fvw@[var.cx|stack.nl|chello.nl] ICQ#10074100            1FF3 47FF 545C CB53
Public key: hkp://wwwkeys.pgp.net/fvw () var cx         7BD9 09C0 3AC1 6DF2
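An added example, not part of the original post: a defender-side audit that walks a directory tree and reports regular files that group or other may execute but not read, which is the execute-only arrangement discussed in this message. The function name `find_execute_only` and the default start directory are assumptions made for this illustration.

```python
import os
import stat
import sys

# (execute bit, read bit, label) for each permission class other than the owner.
_CLASSES = (
    (stat.S_IXGRP, stat.S_IRGRP, "group"),
    (stat.S_IXOTH, stat.S_IROTH, "other"),
)


def find_execute_only(root):
    """Return sorted (path, octal_mode, classes) tuples for regular files under
    root that at least one non-owner class may execute but not read."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report on the entry itself, not a symlink target
            except OSError:
                continue  # entry vanished or cannot be examined
            if not stat.S_ISREG(st.st_mode):
                continue  # x-without-r on directories is ordinary search permission
            classes = [label for x_bit, r_bit, label in _CLASSES
                       if st.st_mode & x_bit and not st.st_mode & r_bit]
            if classes:
                findings.append((path, oct(stat.S_IMODE(st.st_mode)), classes))
    return sorted(findings)


if __name__ == "__main__":
    # Hypothetical usage: pass the directory holding site-provided admin tools.
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, mode, classes in find_execute_only(start):
        print(f"{mode} {path}: execute-only for {', '.join(classes)}")
```

Following the reasoning in the message, any file this reports should be reviewed on the assumption that whoever can run it can also recover what it contains.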