Vulnerability Development mailing list archives

Re: nonsuid overflows... still at risk?


From: Michal Zalewski <lcamtuf () bos bindview com>
Date: Wed, 6 Jun 2001 11:02:21 -0400 (EDT)

On Wed, 6 Jun 2001, KF wrote:

> exactly what I was thinking... crontab -e calls vi to open the user's
> crontab... this is why I was wondering if it could be exploited due to
> the fact that crontab is suid.

Not really. As long as crontab itself is not broken, it should invoke vi
without additional privileges. Otherwise, you can always type ':!sh' in
command mode and you do not need buffer overflows to do that.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
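
An added example, not part of the original message and not taken from any crontab implementation: a sketch of how a set-id program can start an editor "without additional privileges", dropping them in the child just before the exec so that a shell escape from the editor gets only the invoking user's rights. The helper names `drop_privileges` and `spawn_unprivileged` are hypothetical, `setresuid`/`setresgid` are assumed to be available (Linux, BSD), and `/bin/sh -c id` is a constructed stand-in for the editor.

```c
#define _GNU_SOURCE            /* setresuid/setresgid on glibc */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: permanently discard set-id privileges.
 * Returns 0 on success, -1 if the drop failed or could be undone. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Group first: once the uid is dropped we may lack the right to change
     * gids. setres*() also overwrites the saved ids, so nothing is kept. */
    if (setresgid(rgid, rgid, rgid) != 0 || setresuid(ruid, ruid, ruid) != 0)
        return -1;
    /* If we were elevated, getting the old ids back must now fail. */
    if (ruid != 0 && euid != ruid && setuid(euid) == 0)
        return -1;
    if (ruid != 0 && egid != rgid && setgid(egid) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Hypothetical helper: run argv[0] in a child that has dropped privileges.
 * Returns the child's exit status, or -1 on error. */
int spawn_unprivileged(char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges() != 0)
            _exit(126);          /* never exec the editor while elevated */
        execv(argv[0], argv);
        _exit(127);              /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed stand-in for the editor: prints the ids it runs with. */
    char *const argv[] = { "/bin/sh", "-c", "id", NULL };
    printf("child exit status: %d\n", spawn_unprivileged(argv));
    return 0;
}
```

Only the child drops privileges, so the parent can still do its privileged work after the editor exits. A production set-id program would also clear supplementary groups and sanitize the environment before the exec.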

