Vulnerability Development mailing list archives
Re: nonsuid overflows... still at risk?
From: KF <dotslash () snosoft com>
Date: Wed, 06 Jun 2001 07:59:56 -0400
Michal Zalewski wrote:
Not really. As long as crontab itself is not broken, it should invoke vi without additional priviledges.
Thats the part that I was wondering about ... the level of priviledges at the point that crontab invoked vi... I wasn't sure if some setreuid code could be used or not... so I assume the same goes for more and pg ... just so long as the programs that would call them are not in a state of elevated privs at the point that $PAGER is used the hole should not be exploitable. -KF
Current thread:
- Re: TCSH problems?, (continued)
- Re: TCSH problems? Felix Kronlage (Jun 06)
- Re: TCSH problems? Andreas Forsgren (Jun 06)
- Re: TCSH problems? Branko Ivanovic (Jun 06)
- Re: TCSH problems? Lee Smith (Jun 06)
- Re: TCSH problems? sean (Jun 07)
- Re: TCSH problems? poke (Jun 07)
- Re: TCSH problems? Felix Kronlage (Jun 06)
- Re: nonsuid overflows... still at risk? Andrew R. Reiter (Jun 06)
- Re: nonsuid overflows... still at risk? Michal Zalewski (Jun 06)
- Re: nonsuid overflows... still at risk? KF (Jun 06)
- Re: nonsuid overflows... still at risk? Michal Zalewski (Jun 06)
- Re: nonsuid overflows... still at risk? KF (Jun 06)
- crontab and sgid (was: nonsuid overflows... still at risk?) Tomasz Grabowski (Jun 07)
- Re: crontab and sgid (was: nonsuid overflows... still at risk?) Olaf Kirch (Jun 08)
- Re: crontab and sgid (was: nonsuid overflows... still at risk?) Rafal Wojtczuk (Jun 09)
- Re: nonsuid overflows... still at risk? KF (Jun 06)