| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <mpro.lal64j0l71kbk02af.taviso@cmpxchg8b.com> Date: Wed, 20 Oct 2010 13:19:31 +0200 From: Tavis Ormandy <taviso@...xchg8b.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: The GNU C library dynamic linker expands $ORIGIN in setuid library search path Louis Granboulan <louis.granboulan.security@...il.com> wrote: > However, it is quite clear to me that the current behaviour is > inconsistent and is the reason of this security flaw. We see $ ls -l > /proc/self/fd/3 pretend that it is a symbolic link to a file that does not > exist, and $ ls -lL /proc/self/fd/3 show a setuid file. > > Louis, the commands specified in the advisory were intended to help illustrate the problem, not be a replacement for any analysis. Your questions were anticipated, and answered in the Notes section. Next time I will put the Notes section at the top ;-) Tavis. -- ------------------------------------- taviso@...xchg8b.com | pgp encrypted mail preferred ------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists