[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Some more....

Subject: Re: [cobalt-security] Some more....
From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
Date: Mon, 24 Jul 2000 23:00:12 +0100 (BST)

Hi.  This was discovered in April.

More information at http://linux.dp.ua/maillist/msg00001.html

I will test it on my RaQ 3...

Regards,
Gos.

On Mon, 24 Jul 2000, Thomas Fosbenner Jr. wrote:

> Here is an excerpt from the actual code of that program.
> Maybe this has been fixed but I haven't heard anything about it.
> Let me know if I am a moron and am behind the times or let me know if I
> enlightened you.
>  Thanks
> 
> [Actual Comment From the Code]
> 
> # synopsis:
> #    both 'pam' and 'userhelper' (a setuid binary that comes with the
> #    'usermode-1.15' rpm) follow .. paths. Since pam_start calls down to
> #    _pam_add_handler(), we can get it to dlopen any file on disk.
> 'userhelper'
> #    being setuid means we can get root.
> 
> 
> PS. There is actually another program that I had with this one that does
> almost the same thing. I can send that also.
> 
> 
> 
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
> 

-- 
gossi@xxxxxxxxxxxxxxx

Follow-Ups:
- Re: [cobalt-security] Some more....
  - From: Dan Diehl

References:
- [cobalt-security] Some more....
  - From: Thomas Fosbenner Jr.

Prev by Date: [cobalt-security] Some more....
Next by Date: RE: [cobalt-security] I tried..
Previous by thread: [cobalt-security] Some more....
Next by thread: Re: [cobalt-security] Some more....

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index