Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

To: debian-devel@lists.debian.org
Subject: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
From: Christoph Baumann <cbauman1@ix.urz.uni-heidelberg.de>
Date: Tue, 9 Jan 2001 13:41:41 +0100
Message-id: <[🔎] 20010109134141.B44740@aixterm6.urz.uni-heidelberg.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <20010109110855.A4036@polya>; from J.D.Gilbey@qmw.ac.uk on Tue, Jan 09, 2001 at 11:08:56AM +0000
References: <Pine.LNX.4.31.0101081331280.20955-100000@io.88.net> <Pine.LNX.4.31.0101081752230.25739-100000@io.88.net> <20010109110855.A4036@polya>

On Tue, Jan 09, 2001 at 11:08:56AM +0000, Julian Gilbey wrote:
> Most weird.  I get this behaviour when running through a setuid root
> strace, but I don't get the error messages (and hence the content of
> /etc/shadow) when I don't use strace.  I'm still running potato.

I have some more oddities to add.
When I set RESOLV_HOST_CONF=/etc/shadow and run "fping debian.org" I don't
get /etc/shadow displayed. Even running it with a +s strace doesn't work.
But when I use "sudo fping ..." I get /etc/shadow displayed (which
shouldn't be such a big hole in that case). I too tried it with potato.

Christoph 

-- 
* Christoph Baumann                                          *
* cbauman1@ix.urz.uni-heidelberg.de                          *
* www.rzuser.uni-heidelberg.de/~cbauman1/welcome.html        *
* "External Error : INTELLIGENCE not found !"                *

Reply to:

Follow-Ups:
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Ben Collins <bcollins@debian.org>

Prev by Date: Re: big Packages.gz file
Next by Date: Re: where is #define __linux__
Previous by thread: Re: where is #define __linux__
Next by thread: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
Index(es):
- Date
- Thread