Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
On Tue, Jan 09, 2001 at 11:08:56AM +0000, Julian Gilbey wrote:
> Most weird. I get this behaviour when running through a setuid root
> strace, but I don't get the error messages (and hence the content of
> /etc/shadow) when I don't use strace. I'm still running potato.

I have some more oddities to add.

When I set RESOLV_HOST_CONF=/etc/shadow and run "fping debian.org" I don't
get /etc/shadow displayed. Even running it with a +s strace doesn't work.
But when I use "sudo fping ..." I get /etc/shadow displayed (which
shouldn't be such a big hole in that case). I too tried it with potato.
* Christoph Baumann *
* firstname.lastname@example.org *
* www.rzuser.uni-heidelberg.de/~cbauman1/welcome.html *
* "External Error : INTELLIGENCE not found !" *