Bugtraq mailing list archives
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
From: Wojciech Purczynski <cliph () isec pl>
Date: Wed, 15 Aug 2007 22:31:44 +0200 (CEST)
In my eyes this is definitely a security issue. But I cannot imagine a way to exploit this issue at the moment. First you have to find a suid binary which fork()'s. Next thing is that you need access to that binary. And then? If both conditions are really met, what's next? The possibilities depend a little bit on the suid binary, am I right? Please feel free to correct me if I am wrong.
You do not need a suid that forks: you do the fork, then the child execves the victim suid, which then setuids, and your parent execves another suid that exits or dies, and thus the parent process death signal gets delivered to the victim suid. It's all in my advisory.
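An added example, not part of the original post or the advisory: the parent-death signal mechanism the reply relies on, shown between ordinary unprivileged processes with no setuid program involved, next to the defensive reset a sensitive program can perform with prctl(PR_SET_PDEATHSIG, 0). The helper name survives_parent_death, the pipe handshake and the choice of SIGKILL are assumptions made for the demonstration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>
/* Hypothetical helper: 1 if process B outlives its parent A, 0 if the
 * parent-death signal killed B, -1 on error. clear_first=1 = defended. */
int survives_parent_death(int clear_first)
{
    int result[2], ready[2];
    char c = 0;
    if (pipe(result) < 0 || pipe(ready) < 0) return -1;
    pid_t a = fork();                     /* A: the parent that will die */
    if (a < 0) return -1;
    if (a == 0) {
        pid_t parent = getpid();
        pid_t b = fork();                 /* B: the observed process */
        if (b < 0) _exit(1);
        if (b == 0) {
            close(result[0]); close(ready[0]);
            /* Arm: the kernel sends SIGKILL to B when its parent dies. */
            int rc = prctl(PR_SET_PDEATHSIG, SIGKILL);
            /* Defend: setting 0 clears the parent-death signal again. */
            if (rc == 0 && clear_first) rc = prctl(PR_SET_PDEATHSIG, 0);
            if (rc < 0 || write(ready[1], "r", 1) != 1) _exit(1);
            for (int i = 0; i < 200 && getppid() == parent; i++)
                usleep(10000);            /* wait up to 2 s for A to die */
            usleep(100000);               /* let a pending signal land */
            if (write(result[1], "S", 1) != 1) _exit(1);  /* still alive */
            _exit(0);
        }
        close(result[1]); close(ready[1]);
        if (read(ready[0], &c, 1) != 1) _exit(1);  /* wait for B's setup */
        _exit(0);                         /* parent death happens here */
    }
    close(result[1]); close(ready[0]); close(ready[1]);
    waitpid(a, NULL, 0);
    ssize_t n = read(result[0], &c, 1);   /* EOF: B died before reporting */
    close(result[0]);
    return (n == 1 && c == 'S') ? 1 : (n == 0 ? 0 : -1);
}

int main(void)
{
    printf("armed: %d\n", survives_parent_death(0));
    printf("cleared: %d\n", survives_parent_death(1));
    return 0;
}
```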