[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200503011801.NAA25636@Sparkle.Rodents.Montreal.QC.CA>
Date: Tue, 1 Mar 2005 12:57:38 -0500 (EST)
From: devnull@...ents.Montreal.QC.CA
To: bugtraq@...urityfocus.com
Subject: Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files
[As usual when I write here, the header From: is a black hole. Use the
address in the signature to actually reach me.]
>> this only works if the user un-zipping the file is already root.
>> otherwise it creates an "sh" binary which is setuid to the user who
>> unzipped the file.
> If your homedir is worldreadable, which is pretty common practice the
> other user can run the shell and get your useraccount.
This is confusing readable with executable.
If a directory is readable, anyone can find out the names of the things
in it. If it's executable, anyone who knows a thing's name there can
get to the thing.
Read and execute access usually go together on directories, but they
don't have to. (A +r-x directory is of doubtful use. But -r+x is
comparatively useful.)
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@...ents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Powered by blists - more mailing lists