On Sat, 22 Jul 2000, guy keren wrote:

> On Sat, 22 Jul 2000, netvision wrote:
> 
> > You can shutdown by a user, by building a special program for that purpose.
> > This program will use the 'setuid' command with userid root, and the
> > shutdown command with its flags can be hard coded, or get the flags as
> > parameters.
> 
> the way you describe this - you might as well give those users the root
> password, as your little program can be quite trivially fooled into
> running any code the user wants to. in general, one should NOT write suid
> programs without proper security checking. just as an example, one could
> use the LD_PRELOAD environment variable in order to load a library that
> defines 'system' as a function that simply spawns a shell and attaches its
> prompt to the user's terminal.

Except that LD_PRELOAD is ignored for suid root binaries. Is there
another exploit for the program given?


-- 
Matan Ziv-Av.                         [EMAIL PROTECTED]

