Date: Thu, 16 Oct 2014 12:34:30 +1100 (EST) From: Dave Horsfall <dave@...sfall.org> To: OSS Security <oss-security@...ts.openwall.com> Subject: Re: Abusing TZ for fun (and little profit) On Thu, 16 Oct 2014, Jakub Wilk wrote: > $ TZ=$PWD/tz sudo -u root strace -e read date Perhaps I've missed something here, but surely if you have "sudo" privileges then you can read the file for yourself? And if you're trying to trace a set-uid program then it won't work anyway? Neither my Mac nor my FreeBSD box have "strace", and my Penguin is dead, so I cannot verify this. -- Dave Horsfall (VK2KFU) http://www.horsfall.org/spam.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ