Re: Yesterday this would have worked... (fwd)

der Mouse (mouse@Collatz.McRCIM.McGill.EDU)
Sat, 17 Dec 1994 07:34:50 -0500

> Here is the original message posted with permission, 10 points to
> anyone who can spot the supposed flaw in the BSDI O/S with this.

Looks to me as though exec() sets the UID on the process per setuid
bits before it checks for arguments too long, and doesn't take care to
undo this properly in that case.

> BTW, anyone care to comment if this should be replicable across
> platforms?

Depends on where the bug came from.  If it's one of those ever-since-V7
bugs it should be widespread; if it's a fumble-fingers mistake from
BSDI it's probably not elsewhere.  I'm sure everyone can imagine
variations.  I'm certainly going to test _my_ systems!

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu
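
The ordering problem suspected in the message above, as an added example that is not part of the original post and is not BSDI or any real kernel code: a toy model of exec() in which the setuid credential change happens before the argument-length check, next to a version that makes every fallible check first. The struct names, function names and the ARG_MAX_MODEL limit are all assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define ARG_MAX_MODEL 16            /* constructed limit for this model */

struct proc  { unsigned euid; };                 /* calling process (hypothetical) */
struct image { unsigned owner; int setuid; };    /* file being exec'd (hypothetical) */

/* Suspected ordering: credentials are switched first, and the
 * "arguments too long" error path returns without restoring them. */
int exec_suspected(struct proc *p, const struct image *img, size_t arglen)
{
    if (img->setuid)
        p->euid = img->owner;
    if (arglen > ARG_MAX_MODEL)
        return -E2BIG;              /* caller resumes, still holding new euid */
    return 0;
}

/* Hardened ordering: every check that can fail runs first; the credential
 * change is the last step, after which exec can no longer return an error. */
int exec_hardened(struct proc *p, const struct image *img, size_t arglen)
{
    if (arglen > ARG_MAX_MODEL)
        return -E2BIG;
    if (img->setuid)
        p->euid = img->owner;
    return 0;
}

typedef int (*exec_fn)(struct proc *, const struct image *, size_t);

/* Effective UID an unprivileged caller (uid 1000, constructed) is left with
 * after exec of a setuid-root image fails on over-long arguments. */
unsigned euid_after_failed_exec(exec_fn do_exec)
{
    struct proc p = { 1000 };
    struct image img = { 0, 1 };
    (void)do_exec(&p, &img, ARG_MAX_MODEL + 1);
    return p.euid;
}

int main(void)
{
    printf("suspected: euid=%u\n", euid_after_failed_exec(exec_suspected));
    printf("hardened:  euid=%u\n", euid_after_failed_exec(exec_hardened));
    return 0;
}
```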