[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

On Tue, Jan 09, 2001 at 11:08:56AM +0000, Julian Gilbey wrote:
> Most weird.  I get this behaviour when running through a setuid root
> strace, but I don't get the error messages (and hence the content of
> /etc/shadow) when I don't use strace.  I'm still running potato.

I have some more oddities to add.
When I set RESOLV_HOST_CONF=/etc/shadow and run "fping debian.org" I don't
get /etc/shadow displayed. Even running it with a +s strace doesn't work.
But when I use "sudo fping ..." I get /etc/shadow displayed (which
shouldn't be such a big hole in that case). I too tried it with potato.


* Christoph Baumann                                          *
* cbauman1@ix.urz.uni-heidelberg.de                          *
* www.rzuser.uni-heidelberg.de/~cbauman1/welcome.html        *
* "External Error : INTELLIGENCE not found !"                *

Reply to: