[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Linux X86 fileutils-4x local root exploit
From: |
Paul Eggert |
Subject: |
Re: Linux X86 fileutils-4x local root exploit |
Date: |
Sat, 19 Jun 2004 14:25:30 -0700 |
User-agent: |
Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux) |
Antti J Hätinen <address@hidden> writes:
> Is there a patch against this exploit?
I don't see any exploit that is related to fileutils. "rm" doesn't
have setuid privileges, so whatever "rm" can do under the supposed
"exploit", your C program can do anyway.
It's true that you can fool "rm" into thinking that it is running as
root, but you can just as easily take the source code to "rm", modify
it so that the modified "rm" thinks that it is running as root,
compile the modified version, and run it. Same effect.