Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 16 Oct 2014 12:34:30 +1100 (EST)
From: Dave Horsfall <dave@...sfall.org>
To: OSS Security <oss-security@...ts.openwall.com>
Subject: Re: Abusing TZ for fun (and little profit)

On Thu, 16 Oct 2014, Jakub Wilk wrote:

> $ TZ=$PWD/tz sudo -u root strace -e read date

Perhaps I've missed something here, but surely if you have "sudo" 
privileges then you can read the file for yourself?  And if you're trying 
to trace a set-uid program then it won't work anyway?  Neither my Mac nor 
my FreeBSD box have "strace", and my Penguin is dead, so I cannot verify 
this.

-- 
Dave Horsfall (VK2KFU)
http://www.horsfall.org/spam.html

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ