lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 15 Aug 2007 22:31:44 +0200 (CEST)
From: Wojciech Purczynski <cliph@...c.pl>
To: x82_@...ru
Cc: bugtraq@...urityfocus.com
Subject: Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death
 Signal Vulnerability


> In my eyes this is definitely a security issue. But I cannot imagine a
> way to exploit this issue at the moment. First you have to find a suid
> binary which fork()'s. Next thing is that you need access to that
> binary. And then? If both conditions are really met, what's next? The
> possibilities are depending a little bit on the suid binary, am I right?
> Please feel free to correct me if I am wrong.

You do not need suid that forks, you do the fork then child execves victim
suid which then setuids and your parent execves another suid that exits or
dies and thus the parent process death signal gets delivered to victim
suid. It's all in my advisory.

Powered by blists - more mailing lists