On Mon, Nov 17, 2003 at 20:23:12 -0500 (EST), [EMAIL PROTECTED] wrote:

noir> attached exploit will get you uid=0 and break any possible chroot jail
noir> your parent process might be in, works on all 2.x and 3.x up to 3.3.
noir>
noir> priv separation, chroot jail, systrace yeah yeah right ;P theo and niels

Your code does:

    if((fd = open("./ibcs2own", O_CREAT^O_RDWR, 0755)) < 0) {

How on earth is this going to work against privilege separation? In each sane setup, a server process is chrooted to a directory with no writable directories.

noir> so i hope, some of you openbsd loving losers will finally get the truth
noir> behind your cult. it is a big LIE, aloha

???? Being not a diehard obsd fan, I must notice that the 3.4 kernel is built with stack smashing protection, which reduces this hole to a pure local DoS only. Can you name any other OS which has any prevention against kernel buffer overflow? Yes, this bug is hopeless, but stay objective.

peace,
algo
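The "no writable directories" condition algo relies on is easy to audit. The following is an added example, not code from this thread or from OpenBSD: it walks a jail tree and reports every directory the unprivileged service account could create files in, judging by mode bits and ownership only (ACLs are not consulted); the service uid/gid and the sample tree are constructed.

```python
import os
import stat
import tempfile


def dir_writable_by(st, uid, gids):
    """True if a user with this uid and gid set may create entries in a
    directory whose lstat result is `st`. Root is always able to write."""
    if uid == 0:
        return True
    mode = st.st_mode
    if st.st_uid == uid:
        return bool(mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def audit_chroot(root, uid, gids):
    """Walk the jail (symlinks are not followed) and return, relative to root,
    the directories the given account could write to. An empty list means an
    O_CREAT open from inside the jail has nowhere to land."""
    gids = set(gids)
    findings = []
    for dirpath, _dirnames, _files in os.walk(root, followlinks=False):
        if dir_writable_by(os.lstat(dirpath), uid, gids):
            findings.append(os.path.relpath(dirpath, root))
    return sorted(findings)


def demo():
    """Constructed sample jail: a locked-down 'etc' and a world-writable 'tmp',
    audited once for a hypothetical service account (uid/gid 65534) and once
    for the account that owns the tree."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for name, mode in (("etc", 0o755), ("tmp", 0o777)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # explicit, so the umask cannot interfere
        return {
            "as_service_user": audit_chroot(root, 65534, {65534}),
            "as_owner": audit_chroot(root, os.getuid(), {os.getgid()}),
        }


if __name__ == "__main__":
    print(demo())
```

The second audit shows the other half of the rule: a jail owned by the service account itself is writable everywhere, so ownership must stay with root.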