lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44.0708160107450.20549-100000@D00M.lightwave.net.ru>
Date: Thu, 16 Aug 2007 01:19:31 +0400 (MSD)
From: Dan Yefimov <dan@...5.lightwave.net.ru>
To: Wojciech Purczynski <cliph@...c.pl>
Cc: bugtraq@...urityfocus.com
Subject: Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death
 Signal Vulnerability

On Wed, 15 Aug 2007, Wojciech Purczynski wrote:

> The problem is that without suid binary execved from parent process you
> can not send the signal. ;) With suid binary you can and that makes this
> issue a privilege escalation vulnerability.
> 
Could you please explain it to me where do you see privilege escalation here?
If the setuid root binary allows arbitrary code execution on getting an 
unexpected signal (but signals are always unexpected due to their asynchronous 
and independent nature), that is the problem with that particular binary, not 
Linux itself. In that case you are right, there is the privilege escalation 
vulnerability, but vulnerability is in that particular binary. Linux itself
has nothing to do with that and should not be blamed at all.
-- 

    Sincerely Your, Dan.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ