Re: Exploit for Linux wu.ftpd hole

Michael Shields (shields@tembel.org)
Thu, 6 Jul 1995 23:33:54 +0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dr. Frederick B. Cohen: "Re: Why are we using priveleged images / state so much? (Was Re:"
Previous message: Stan Barber: "Re: Yggdrasil Linux (mis)configuration problem"
In reply to: Mike Edulla: "Re: Exploit for Linux wu.ftpd hole"
Next in thread: Mike Edulla: "Re: Exploit for Linux wu.ftpd hole"

> minicom has a known, but not very well-known hole in it that is nearly
> identical to the wu-ftp hole. If you are a legitimate user of a pre 1.71
> version of minicom, you can get root,

What is minicom doing as root?  It should be setgid dialout.

Is Slackware really doing that?

> There also apepars to be a bug in syslog. If you do something like:
>
> grep -v "ROOT" messages > mmm; mv mmm messages

This isn't a security hole since users shouldn't be able to write to
/var/log/messages.

> Logging is disabled, I suspect this problem is that the file pointer
> maintained by syslog is getting ahead of the physical EOF, and thus
> writes will fail, but this is just a guess, and I havent looked at the
> source to linux's syslog.

When you move something on top of messages, messages is unlinked.
The file is still open, but no longer accessible through the directory
structure.
--
Shields.

Next message: Dr. Frederick B. Cohen: "Re: Why are we using priveleged images / state so much? (Was Re:"
Previous message: Stan Barber: "Re: Yggdrasil Linux (mis)configuration problem"
In reply to: Mike Edulla: "Re: Exploit for Linux wu.ftpd hole"
Next in thread: Mike Edulla: "Re: Exploit for Linux wu.ftpd hole"