Message-ID: <Pine.LNX.4.44.0708181439300.11590-100000@D00M.lightwave.net.ru>
Date: Sat, 18 Aug 2007 15:02:49 +0400 (MSD)
From: Dan Yefimov <dan@...5.lightwave.net.ru>
To: Glynn Clements <glynn@...ements.plus.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability

On Fri, 17 Aug 2007, Glynn Clements wrote:
> There definitely appears to be potential for DoS against system-wide
> resources.
>
Only the potential. In most cases that potential will remain unimplemented
since there are only a few setuid binaries in the system, so a real DoS
attack may be either impossible or do too little harm, such as making it
impossible for users to change their passwords or finger information. Several
posters have already talked here about the need to provide a PoC exploit that
will work in at least 10% of cases before raising an alarm. The security
implication of this bug is in fact theoretical rather than practical. Nobody
here has yet said that this is not a bug to be fixed. The original poster just
raised a false alarm here. That is what I am talking about.

BTW, many setuid root binaries like /bin/su don't even issue setuid(0)
and work under the RUID of the calling user (but they do issue setuid(<UID of
authenticated user>) before executing either a shell or a program as a child),
which in turn means that they can easily be killed in the usual way.
--
Sincerely Your, Dan.
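
Added example, not part of the original message: a small model of the kill(2) permission rule applied to the `Uid:` line of `/proc/<pid>/status`, showing why a setuid-root process that keeps the caller's real UID stays signalable by that caller. The sample status texts and UIDs 1000/1001 are constructed, and the model ignores the SIGCONT same-session exception, user namespaces and LSM policy.

```python
import re

def parse_uids(status_text):
    """Return (real, effective, saved, fs) UIDs from /proc/<pid>/status text."""
    m = re.search(r"^Uid:\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$", status_text, re.M)
    if m is None:
        raise ValueError("no Uid: line found")
    return tuple(int(x) for x in m.groups())

def can_signal(sender_ruid, sender_euid, target_status, cap_kill=False):
    """kill(2) rule: allowed with CAP_KILL, or when the sender's real or
    effective UID equals the target's real or saved set-user-ID."""
    if cap_kill:
        return True
    t_real, _t_eff, t_saved, _t_fs = parse_uids(target_status)
    return sender_ruid in (t_real, t_saved) or sender_euid in (t_real, t_saved)

def audit(sender_uid, processes):
    """Map each process name to whether an unprivileged sender_uid may signal it."""
    return {name: can_signal(sender_uid, sender_uid, text)
            for name, text in processes.items()}

# Constructed samples (not captured from a real system).
# Setuid-root binary started by UID 1000 that never calls setuid(0):
# real UID is still the caller's, effective and saved UIDs are 0.
KEEPS_CALLER_RUID = "Name:\tsu\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n"
# Same binary after setuid(0) with effective UID 0: real, effective, saved all 0.
AFTER_SETUID_0 = "Name:\tsu\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n"
# Child after setuid(<authenticated user>), here UID 1001.
AFTER_DROP = "Name:\tsh\nUid:\t1001\t1001\t1001\t1001\nGid:\t1001\t1001\t1001\t1001\n"

SAMPLES = {
    "keeps_caller_ruid": KEEPS_CALLER_RUID,
    "after_setuid_0": AFTER_SETUID_0,
    "after_drop": AFTER_DROP,
}

if __name__ == "__main__":
    for uid in (1000, 1001):
        print(uid, audit(uid, SAMPLES))
```

On a live Linux host the same `can_signal` check can be fed the contents of `/proc/<pid>/status` for any running setuid process.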