sys_set*id confusion in 2.2.0

Augusto Cesar (bishop@sekure.org)
Thu, 4 Feb 1999 20:12:30 -0200 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Martin Schipany: "Interupt 251 / SMP ?"
Previous message: Andrea Arcangeli: "disaster ;) [Re: [patch] real fix [Re: [patch] fixed 2.2.1 inode-leakage due bogus design of the fre"

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.

---1463418623-1701588328-918166118=:4638
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <Pine.LNX.4.05.9902042012201.5527@bishop.psychadelic.org>

Hi,

I was testing the kernel 2.2.0 then I saw that old sys_set*id bug.
Why this isnt patched? If a user have id 131072 is a root. Can be used to
hide root users. This bug was found by Michael Zalewski some time ago and
I port his patch to 2.2.0, Im attaching in the message.

-- Augusto Cesar Sekure SDI

bishop@sekure.org pgp key at: http://bishop.sekure.org/bishop.key http://www.sekure.org

---1463418623-1701588328-918166118=:4638 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; NAME="setuid-fix-2.2.0" Content-Transfer-Encoding: BASE64 Content-ID: <Pine.LNX.4.05.9902042008380.4638@bishop.psychadelic.org> Content-Description: Content-Disposition: ATTACHMENT; FILENAME="setuid-fix-2.2.0"

ZGlmZiAtcnUgbGludXgub3JpZy9rZXJuZWwvc3lzLmMgbGludXgva2VybmVs L3N5cy5jDQotLS0gbGludXgub3JpZy9rZXJuZWwvc3lzLmMJVGh1IEZlYiAg NCAxNzo1MjozOSAxOTk5DQorKysgbGludXgva2VybmVsL3N5cy5jCVRodSBG ZWIgIDQgMTg6MDE6NDUgMTk5OQ0KQEAgLTI1Niw2ICsyNTYsOCBAQA0KIAlp bnQgb2xkX3JnaWQgPSBjdXJyZW50LT5naWQ7DQogCWludCBvbGRfZWdpZCA9 IGN1cnJlbnQtPmVnaWQ7DQogDQorCWlmIChyZ2lkPjB4ZmZmZiB8fCBlZ2lk PjB4ZmZmZikgcmV0dXJuIC1FSU5WQUw7DQorDQogCWlmIChyZ2lkICE9IChn aWRfdCkgLTEpIHsNCiAJCWlmICgob2xkX3JnaWQgPT0gcmdpZCkgfHwNCiAJ CSAgICAoY3VycmVudC0+ZWdpZD09cmdpZCkgfHwNCkBAIC0yOTMsNiArMjk1 LDggQEANCiB7DQogCWludCBvbGRfZWdpZCA9IGN1cnJlbnQtPmVnaWQ7DQog DQorCWlmIChnaWQ+MHhmZmZmKSByZXR1cm4gLUVJTlZBTDsNCisNCiAJaWYg KGNhcGFibGUoQ0FQX1NFVEdJRCkpDQogCQljdXJyZW50LT5naWQgPSBjdXJy ZW50LT5lZ2lkID0gY3VycmVudC0+c2dpZCA9IGN1cnJlbnQtPmZzZ2lkID0g Z2lkOw0KIAllbHNlIGlmICgoZ2lkID09IGN1cnJlbnQtPmdpZCkgfHwgKGdp ZCA9PSBjdXJyZW50LT5zZ2lkKSkNCkBAIC0zNTksNiArMzYzLDggQEANCiB7 DQogCWludCBvbGRfcnVpZCwgb2xkX2V1aWQsIG9sZF9zdWlkLCBuZXdfcnVp ZDsNCiANCisJaWYgKHJ1aWQ+MHhmZmZmIHx8IGV1aWQ+MHhmZmZmKSByZXR1 cm4gLUVJTlZBTDsNCisJDQogCW5ld19ydWlkID0gb2xkX3J1aWQgPSBjdXJy ZW50LT51aWQ7DQogCW9sZF9ldWlkID0gY3VycmVudC0+ZXVpZDsNCiAJb2xk X3N1aWQgPSBjdXJyZW50LT5zdWlkOw0KQEAgLTQyMiw2ICs0MjgsOCBAQA0K IAlpbnQgb2xkX2V1aWQgPSBjdXJyZW50LT5ldWlkOw0KIAlpbnQgb2xkX3J1 aWQsIG9sZF9zdWlkLCBuZXdfcnVpZDsNCiANCisJaWYgKHVpZD4weGZmZmYp IHJldHVybiAtRUlOVkFMOw0KKwkNCiAJb2xkX3J1aWQgPSBuZXdfcnVpZCA9 IGN1cnJlbnQtPnVpZDsNCiAJb2xkX3N1aWQgPSBjdXJyZW50LT5zdWlkOw0K IAlpZiAoY2FwYWJsZShDQVBfU0VUVUlEKSkNCkBAIC00NTksNiArNDY3LDgg QEANCiAJaW50IG9sZF9ldWlkID0gY3VycmVudC0+ZXVpZDsNCiAJaW50IG9s ZF9zdWlkID0gY3VycmVudC0+c3VpZDsNCiANCisJaWYgKHJ1aWQ+MHhmZmZm IHx8IGV1aWQ+MHhmZmZmIHx8IHN1aWQ+MHhmZmZmKSByZXR1cm4gLUVJTlZB TDsNCisJDQogCWlmICghY2FwYWJsZShDQVBfU0VUVUlEKSkgew0KIAkJaWYg KChydWlkICE9ICh1aWRfdCkgLTEpICYmIChydWlkICE9IGN1cnJlbnQtPnVp ZCkgJiYNCiAJCSAgICAocnVpZCAhPSBjdXJyZW50LT5ldWlkKSAmJiAocnVp ZCAhPSBjdXJyZW50LT5zdWlkKSkNCkBAIC01MDgsNiArNTE4LDggQEANCiAg Ki8NCiBhc21saW5rYWdlIGludCBzeXNfc2V0cmVzZ2lkKGdpZF90IHJnaWQs IGdpZF90IGVnaWQsIGdpZF90IHNnaWQpDQogew0KKwlpZiAocmdpZD4weGZm ZmYgfHwgZWdpZD4weGZmZmYgfHwgc2dpZD4weGZmZmYpIHJldHVybiAtRUlO VkFMOw0KKw0KICAgICAgICBpZiAoIWNhcGFibGUoQ0FQX1NFVEdJRCkpIHsN CiAJCWlmICgocmdpZCAhPSAoZ2lkX3QpIC0xKSAmJiAocmdpZCAhPSBjdXJy ZW50LT5naWQpICYmDQogCQkgICAgKHJnaWQgIT0gY3VycmVudC0+ZWdpZCkg JiYgKHJnaWQgIT0gY3VycmVudC0+c2dpZCkpDQpAQCAtNTU0LDYgKzU2Niw4 IEBADQogew0KIAlpbnQgb2xkX2ZzdWlkOw0KIA0KKwlpZiAodWlkPjB4ZmZm ZikgcmV0dXJuIC1FSU5WQUw7DQorCQ0KIAlvbGRfZnN1aWQgPSBjdXJyZW50 LT5mc3VpZDsNCiAJaWYgKHVpZCA9PSBjdXJyZW50LT51aWQgfHwgdWlkID09 IGN1cnJlbnQtPmV1aWQgfHwNCiAJICAgIHVpZCA9PSBjdXJyZW50LT5zdWlk IHx8IHVpZCA9PSBjdXJyZW50LT5mc3VpZCB8fCANCkBAIC01OTEsNiArNjA1 LDggQEANCiB7DQogCWludCBvbGRfZnNnaWQ7DQogDQorCWlmIChnaWQ+MHhm ZmZmKSByZXR1cm4gLUVJTlZBTDsNCisNCiAJb2xkX2ZzZ2lkID0gY3VycmVu dC0+ZnNnaWQ7DQogCWlmIChnaWQgPT0gY3VycmVudC0+Z2lkIHx8IGdpZCA9 PSBjdXJyZW50LT5lZ2lkIHx8DQogCSAgICBnaWQgPT0gY3VycmVudC0+c2dp ZCB8fCBnaWQgPT0gY3VycmVudC0+ZnNnaWQgfHwgDQpAQCAtNjM0LDYgKzY1 MCw4IEBADQogCXN0cnVjdCB0YXNrX3N0cnVjdCAqIHA7DQogCWludCBlcnIg PSAtRUlOVkFMOw0KIA0KKwlpZiAocGlkPjB4ZmZmZiB8fCBwZ2lkPjB4ZmZm ZikgcmV0dXJuIC1FSU5WQUw7DQorCQ0KIAlpZiAoIXBpZCkNCiAJCXBpZCA9 IGN1cnJlbnQtPnBpZDsNCiAJaWYgKCFwZ2lkKQ0K ---1463418623-1701588328-918166118=:4638--

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Martin Schipany: "Interupt 251 / SMP ?"
Previous message: Andrea Arcangeli: "disaster ;) [Re: [patch] real fix [Re: [patch] fixed 2.2.1 inode-leakage due bogus design of the fre"