> ... another solution -- allow fcntl() to remove read-only and
> append-only limitations, so that behaviour is at least explicit.
Do not lower security, just to emulate /proc sloppiness. (That would be
like fixing a root security bug by doing away with the root password.)
Is there anything (curre
Hi!
(no html, please).
>Proc does not need to be fixed, because /proc is referring to a file
>inode.
Well, that does not mean /proc does not need fixing.
>You are expecting transactional behavior in /proc, where /proc only
>registers object information.
...
>And I think you
Pavel,
Proc does not need to be fixed, because /proc is referring to a file
inode.
And due to the fact that it's being presented in /proc as an fd, you
treat it as an fd, therefore your expectations do not match.
Your assumption is; because you accessed the world writable file via
a read-on
Jim,
Sorry, but your 'prove' below is wrong!
You are opening the locked down file as root and passing that
fd as input to the nobody process.
So nobody is not opening /dir/file.txt (he can't because he has no
access to it via /dir) but root is...
Therefore the write to the fd is failing, because
Application: My Remote File Server
Platforms: Windows XP Professional SP2
Exploitation: Privilege Escalation
Date: 2009-10-26
Author: Francis Provencher (Protek Research Lab's)
Marco Verschuur wrote:
> Your assumption that the same file descriptor is being re-opened is
> wrong! The file descriptor retrieved via /proc is a new one. It is
> not the same as the initial read-only.
Yes, I totally agree.
> Therefore it's totally of no influence what you do with the original
Hi!
> Your assumption that the same file descriptor is being re-opened is
> wrong!
> The file descriptor retrieved via /proc is a new one. It is not the
> same as the
> initial read-only.
True, we were just being sloppy with the words. But it does not matter
one iota.
> As Martin Rex already exp
Jim,
Your assumption that the same file descriptor is being re-opened is
wrong!
The file descriptor retrieved via /proc is a new one. It is not the
same as the
initial read-only.
Do a strace on your test and you will see that the 'file descriptor'
in /proc will be accessed as an ordinary
Hi.
This vulnerability was ranked 10.0 (for Windows) in CPUoct2009 and
related to improper AUTH_SESSKEY parameter length validation.
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
Executable + source code att
*** Windows Media Player Plugin: Local File Detection Vulnerability ***
A design flaw in Windows Media Player 11 allows a remote attacker to determine
the presence of local files (programs, documents, etc.). I sent an e-mail to
Microsoft (nearly a year ago) but they never responded
Windows Med
## Securitylab.ir
# Application Info:
# Name: PSArt
# Version: 1.2
#
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & i...@sec
CubeCart 4 Session Management Bypass
Release Date: 2009/10/29
Author: Bogdan Calin (bogdan [at] acunetix [dot] com)
Severity: Critical
Vendor Status: Vendor has released an updated version
I. Background
From Wikipedia: CubeCart is a free-to-use eCommerce software solution,
designed to allow ind
Mandriva Linux Security Advisory MDVSA-2009:291
http://www.mandriva.com/security/
Summary: another backdoored joomla component (yawn)
Application: Jumi, a joomla component
About Jumi:
Jumi is the set of custom code extensions for Joomla! 1.0.x and 1.5.x in
their native modes. Since 2006 more than 200.000 downloads. With Jumi you
can include php, html, javascript scripts
Debian Security Advisory DSA-1923-1    secur...@debian.org
http://www.debian.org/security/ Nico Golde
October 27th, 2009
Hi!
> There are two conceivable approaches to implementing the open() for
> a file descriptor shown in /proc. Either go through the inode and
> check the access permissions on the file at the current time
> (which is a sensible implementation and what the kernel seems
> to be currently doing), or i
SafeNet SoftRemote Local Buffer Overflow - Security Advisory - SOS-09-008
Release Date. 30-Oct-2009
Vendor Notification Date. 20-Jul-2009
Product. SafeNet SoftRemote
Platform. Microsoft Windows
Affected versions. 10.8.5
> > 0700 mode from the origin, you would be right, and procfs wouldn't allow
> > opening files in that directory too, but if you let others traverse
> > that directory and open your believed to be secure files from the origin,
> > it's your fault.
>
> I can do the example with fd passing and