Re: allowing a "normal" user to work efficiently

To: debian-user@lists.debian.org
Subject: Re: allowing a "normal" user to work efficiently
From: Ken Bloom <kabloom@ucdavis.edu>
Date: Wed, 05 Nov 2003 23:03:47 -0800
Message-id: <[🔎] pan.2003.11.06.07.03.47.376869@ucdavis.edu>
References: <3481.213.193.180.46.1066731756.squirrel@camelot.ddts.net> <3F953931.2090006@yahoo.es> <1794.213.193.180.46.1066746797.squirrel@camelot.ddts.net> <3F95521C.303@yahoo.es> <20031021160302.GC17255@server.crasseux.com>

On Tue, 21 Oct 2003 18:20:22 +0200, Bijan Soleymani wrote:

> On Tue, Oct 21, 2003 at 11:34:52AM -0400, Roberto Sanchez wrote:
> For example imagine you make "cat" suid...
> 
> Then someone can do:
> cat /bin/rm /bin/cat

Interesting attack in theory, but it doesn't work.
the correct command is cat /bin/rm > /bin/cat
and when you run that command, the pipe is handled by the unprivileged
shell.

> cat -rf /


-- 
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 10/14/2003. If you use GPG *please* see me about 
signing the key. ***** My computer can't give you viruses by email. ***

Reply to:

Follow-Ups:
- Re: allowing a "normal" user to work efficiently
  - From: Deryk Barker <dbarker@turing.cs.camosun.bc.ca>

Prev by Date: Re: Linux Standard Base
Next by Date: Re: how to extract attachments from an email?
Previous by thread: Re: Linux Standard Base
Next by thread: Re: allowing a "normal" user to work efficiently
Index(es):
- Date
- Thread