OpenNET security: patch for exec+ptrace security hole available (fwd)

patch for exec+ptrace security hole available (fwd)


<< Previous	INDEX	Search	src	Set bookmark	Go to bookmark	Next >>

Date: Sat, 16 Jun 2001 14:44:11 -0300 (BRT)
From: Vagner Sacramento <[email protected]>
To: [email protected]
Subject: patch for exec+ptrace security hole available (fwd)

---------- Forwarded message ----------
Date: Sat, 16 Jun 2001 11:08:53 -0400 (EDT)
From: Aaron Campbell <[email protected]>
To: [email protected]
Subject: patch for exec+ptrace security hole available

A race condition exists in the kernel execve(2) implementation that opens
a small window of vulnerability for a non-privileged user to
ptrace(2) attach to a suid/sgid process.

2.8 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch

2.9 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch

The fix has also been committed to the 2.8 and 2.9 stable branches.

The bug was found by Georgi Guninski; Art Grabowski came up with a fix.

Vagner sacramento


<< Previous	INDEX	Search	src	Set bookmark	Go to bookmark	Next >>

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2025 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру