On Thu, 15 Aug 2002 22:13:35 +0200, Ruben Porras <nahoo82 telefonica net> said:
> Thanks, it helps me a lot. The only reason for this question is that I'm
> writing a program to configure lilo, so I need to have permissions to
> write lilo.conf and execute lilo. Only for that; after this I can give
> away the permissions.
> Is this really dangerous? I mean, is it possible to exploit this? The time
> the program needs the setuid is only 2 or 3 seconds.

You might want to ask yourself why you want a non-root user screwing
around with the contents of lilo.conf - that RIGHT THERE is a security
hole, as they can add a stanza like this:


Game over at next reboot. ;)

Also, note that many of the attacks listed can be set up *in advance* by
an attacker (like most "follows symlink" bugs, for example).

Other attacks can be launched at will - remember that the attacker can set
up a mangled runtime environment and then exec() your program to attack it.
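
As an added example (not part of the original message or of the poster's program), here is one way a setuid helper can defend against the two things mentioned above: an environment prepared by the caller and a symlink planted in advance. The function names and the `/etc/lilo.conf` path are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

extern char **environ;

/* Discard whatever environment the caller built (LD_*, IFS, PATH, ...)
 * and continue with a fixed one, so a later exec of lilo inherits nothing. */
void scrub_environment(void)
{
    static char *clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
    environ = clean_env;
}

/* Open an existing file for writing, refusing a symlink planted at the
 * final path component, then check the object that was actually opened.
 * Returns a descriptor, or -1 with errno set. */
int open_config_nofollow(const char *path, uid_t expected_owner)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                      /* ELOOP when path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != expected_owner || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(void)
{
    scrub_environment();
    int fd = open_config_nofollow("/etc/lilo.conf", 0);  /* assumed path */
    if (fd < 0) {
        perror("lilo.conf");
        return 1;
    }
    close(fd);
    return 0;
}
```

`O_NOFOLLOW` only covers the last path component, so the containing directory must itself be writable by root alone.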


