Le mar 04/11/2003 � 14:42, Thierry Vignaud a �crit : > Pierre BETOUIN <[EMAIL PROTECTED]> writes: > > > Even if it's not suided, it could be exploited through a script or a > > frontend. > > ... exploited to get a shell with the same right as the shell that run > it. > > iwconfig isn't clean but it's not unsafe
Exactly what i said, but if iwconfig is intefaced, it could be very...
perturbing ;)
Take the example of someone who create a PHP page to diagnose wifi state
:
<?
system("/sbin/iwconfig" . "$cmd");
?>
Does the user want to grant a shell to everyone who got a web access ?
Another situation : allowing users to change wireless config, and suid
iwconfig for that...
Does this user want to allow people to gain a root shell ?
There's no discuss here : security, even for non-suided programs (for a
default installation) has to be considered by everyone.
Regards.
Pierre
--
Pierre BETOUIN
GnuPG key :
lynx -dump perso.club-internet.fr/unsignedchr/GnupgKey.asc | gpg
--import
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
