[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Some more....
- Subject: [cobalt-security] Some more....
- From: "Thomas Fosbenner Jr." <tom@xxxxxxxxxxx>
- Date: Mon, 24 Jul 2000 17:33:08 -0400
Here is an excerpt from the actual code of that program.
Maybe this has been fixed but I haven't heard anything about it.
Let me know if I am a moron and am behind the times or let me know if I
enlightened you.
Thanks
[Actual Comment From the Code]
# synopsis:
# both 'pam' and 'userhelper' (a setuid binary that comes with the
# 'usermode-1.15' rpm) follow .. paths. Since pam_start calls down to
# _pam_add_handler(), we can get it to dlopen any file on disk.
'userhelper'
# being setuid means we can get root.
PS. There is actually another program that I had with this one that does
almost the same thing. I can send that also.