The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


BSD coredumps follow symlinks


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
X-RDate: Mon, 06 Apr 1998 10:08:17 +0600 (ESD)
Date: Thu, 2 Apr 1998 11:48:46 +0300
From: Nir Soffer <scorpios@CS.HUJI.AC.IL.>
To: [email protected]
Subject: Re: BSD coredumps follow symlinks

On Tue, 31 Mar 1998, Denis Papp wrote:

> I have a system running BSD/OS 2.1 with all the patches from BSDi, including
> K210-029 which I quote:
> "This patch addresses a security problem with core dumps from setuid programs."
>


That's very wierd. Back when I found the same bug in BSDI 3.0 I tried the
same in BSDi 2.1 and it didn't work. Maybe we used a different patch, but
this is the transcript:

jupiter[ /tmp ] uname -a
BSD/OS jupiter.cs.huji.ac.il 2.1 BSDI BSD/OS 2.1 Kernel #4: Tue Oct  8
08:49:52 IST 1996     [email protected]:/sys/compile/CHAMSA  i386
jupiter[ /tmp ] ls -la lpr.core
lrwxrwxrwt  1 root  wheel  8 Apr  2 11:37 lpr.core@ -> /etc/BLA
jupiter[ /tmp ] lpr &
[1] 29989
jupiter[ /tmp ]
[1]  + Suspended (tty input)  lpr
jupiter[ /tmp ] kill -6 %1
jupiter[ /tmp ] fg
lpr
IOT trap
jupiter[ /tmp ] ls -la /etc/BLA
ls: /etc/BLA: No such file or directory
jupiter[ /tmp ]


jupiter[ /tmp ] ls -la `which lpr`
-rwsr-sr-x  1 root  daemon  26533 Feb 19  1996 /usr/local/bin/lpr*
jupiter[ /tmp ]


lpr will dump core if there is no symlink there. Maybe you failed to
install the patch correctly?

Regards,
Nir.

 --
Nir Soffer * [email protected] * http://www.cs.huji.ac.il/~scorpios
"I wouldn't recommend sex drugs or insanity for everyone but they've
always worked for me."
                -- Hunter S. Thompson
Mail me with the subject 'get pgp key' for my PGP Public key.


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру