| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Feb 2015 08:06:20 +0000
From: halfdog <me@...fdog.net>
To: fulldisclosure@...lists.org
Subject: [FD] upstart logrotate privilege escalation in Ubuntu Vivid
(development)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Although just reported to Ubuntu, this minor dev-branch issue was already made public. As the launchpad/lkml/... feed-miners should not play all the games alone, and as others may want to learn how beginner errors still make it into packages of quite large distributions, enjoy the power of
for session in /run/user/*/upstart/sessions/*
do
env $(cat $session) /sbin/initctl emit rotate-logs >/dev/null 2>&1 || true
done
executed as root. See [1]
hd
[1] http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/
- --
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlTwJXEACgkQxFmThv7tq+4LKgCcCKMaOdO0xObIno415g6qZAxp
LZQAnj8giZDPkLYZPD/TVhY958/vXMSJ
=xyAX
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists