Re: Dependency reciprocity : real world problem with httpd and httpd-suexec

>>If you download a package from a 3rd party that has buffer overflows and 
>>is setgid, you now have a buggy program with buffer overflows running as root.
>
>Not sure about that - it should certainly not set the setuid bit

You don't need the setuid bit of root to start with. The setgid bit of root is
just enough wiggle room on most systems to compromise the whole thing in a few
steps.

-Steve Grubb
