lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200503011801.NAA25636@Sparkle.Rodents.Montreal.QC.CA>
Date: Tue, 1 Mar 2005 12:57:38 -0500 (EST)
From: devnull@...ents.Montreal.QC.CA
To: bugtraq@...urityfocus.com
Subject: Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files


[As usual when I write here, the header From: is a black hole.  Use the
address in the signature to actually reach me.]

>> this only works if the user un-zipping the file is already root.
>> otherwise it creates an "sh" binary which is setuid to the user who
>> unzipped the file.
> If your homedir is worldreadable, which is pretty common practice the
> other user can run the shell and get your useraccount.

This is confusing readable with executable.

If a directory is readable, anyone can find out the names of the things
in it.  If it's executable, anyone who knows a thing's name there can
get to the thing.

Read and execute access usually go together on directories, but they
don't have to.  (A +r-x directory is of doubtful use.  But -r+x is
comparatively useful.)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@...ents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ