Thus spake Ken Bloom ([EMAIL PROTECTED]): > On Tue, 21 Oct 2003 18:20:22 +0200, Bijan Soleymani wrote: > > > On Tue, Oct 21, 2003 at 11:34:52AM -0400, Roberto Sanchez wrote: > > For example imagine you make "cat" suid... > > > > Then someone can do: > > cat /bin/rm /bin/cat > > Interesting attack in theory, but it doesn't work. > the correct command is cat /bin/rm > /bin/cat > and when you run that command, the pipe is handled by the unprivileged > shell. > > > cat -rf /
Ah, but there's another thing: overwriting a setuid file turns the setuid bit off. (I think this was originally put into *nix for C2 certification) So it still wouldn't work. -- |Deryk Barker, Computer Science Dept. | Music does not have to be understood| |Camosun College, Victoria, BC, Canada| It has to be listened to. | |email: [EMAIL PROTECTED] | | |phone: +1 250 370 4452 | Hermann Scherchen. | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
