Date: Mon, 29 Sep 2014 13:06:34 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: oss-security@...ts.openwall.com Subject: atd (was: Re: Re: Healing the bash fork) On Mon, Sep 29, 2014 at 09:59:47AM -0600, Eric Blake wrote: > So even on Debian, where /bin/sh is dash, this script attempts to > execute the file named /tmp/exploit=me, possibly under the privileges of > 'at' rather than as the user that created the file. No bash needed. Where does 'at' use the privileges of the at daemon when executing scripts? With just a quick check of the atd sources it looks like privileges are properly changed before executing the script: http://sources.debian.net/src/at/3.1.15-1/atd.c/#L380 Thanks Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.