Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
From: Wojciech Purczynski <cliph@xxxxxxx>
Date: Tue, 14 Aug 2007 22:18:38 +0200 (CEST)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.44.0708142156570.2204-100000@xxxxxxxxxxxxxxxxxxxxx>
Sender: wp@xxxxxxxxxxxx

> I'm not sure this is a real security issue. If some process has the same
> effective UID as the given one, the former can always send any signal to
> the latter. Thus the behaviour you described is IMHO normal.

It becomes a security issue whenever suid process drops user's UIDs.

Follow-Ups:
- Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
  - From: Dan Yefimov

References:
- Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
  - From: Dan Yefimov

Prev by Date: TPTI-07-14: HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities
Next by Date: ZDI-07-046: Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability
Previous by thread: Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
Next by thread: Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux