On Fri, 17 Aug 2007, Glynn Clements wrote:
> There definitely appears to be potential for DoS against system-wide
> resources.
>
Only the potential. In most cases that potential will remain unimplemented
since there are only a few setuid binaries in the system, so the real DoS
attack may be either impossible or bring a too tiny harm like impossibility for
users to change their passwords or finger information. Several posters already
talked here about the need to provide a PoC exploit that will work for at least
10% cases before raising an alarm. The security implication of this bug is in
fact rather theoretical than practical. Nobody yet talked here that this is not
a bug to be fixed. The original poster just raised a false alarm here. That is
what I talk about.
BTW, many setuid root binaries like /bin/su don't even issue setuid(0)
and work under RUID of the calling user (but they do issue setuid(<UID of
authenticated user>) before executing either shell or program as a child),
which means in turn that they can be easily killed in a usual way.
--
Sincerely Your, Dan.
