If I understood him correctly, he's poking fun at my classmate, Jonathan Rockway, and the vulnerability he discovered in NASM.
In slashdot terms: It's funny. Laugh. On Thu, 30 Dec 2004, Jerry wrote: > I have to agree with Shane on this. The whole point of the admin a.k.a root > user is to have full control over everything. What's the point of that user > if it can't delete of stop a set process when required if some user orphans > something and can't get it back? > > JM > ----- Original Message ----- > From: "shane milton" <[EMAIL PROTECTED]> > To: "Lennart Hansen" <[EMAIL PROTECTED]> > Cc: <[email protected]> > Sent: Thursday, December 30, 2004 8:45 AM > Subject: Re: [Full-Disclosure] /bin/rm file access vulnerability > > > > > However, it is possible for a person with admin rights (root) to > > > delete _any_ file > > > on the system regardless of who has created it and what it's permissions > are. > > > > ??? Maybe I'm confused. . . . .but I don't see the problem here. > > > > -Shane > > > > > > > > On Wed, 29 Dec 2004 20:18:25 -0500, Lennart Hansen <[EMAIL PROTECTED]> > wrote: > > > /bin/rm file access vulnerability > > > > > > Affected Products: > > > /bin/rm (all versions, tested on FreeBSD and linux) > > > (http://www.freebsd.org http://www.kernel.org) > > > > > > Author: > > > Xenzeo (Ablazed, Ultralaser, Lennart A. Hansen) > > > xenzeo at blackhat dot dk > > > > > > /bin/rm is a program that removes the named file arguments on unix > systems. > > > When /bin/rm is called it checks the file's permissions and the id of > the user > > > trying to remove the file. If the user does not have the required > permissions > > > to delete the file, /bin/rm will simply reject and exit. > > > > > > However, it is possible for a person with admin rights (root) to > > > delete _any_ file > > > on the system regardless of who has created it and what it's permissions > are. > > > > > > Proof of concepts: > > > $ touch /home/xenzeo/file > > > $ ls -l /home/xenzeo/file > > > -rw-r--r-- 1 xenzeo none 0 Dec 30 2004 /home/xenzeo/file > > > $ id > > > uid=1000(xenzeo) gid=513(none) groups=513(none),545(users) > > > $ su -c 'rm -f /home/xenzeo/file' > > > $ ls -l /home/xenzeo/file > > > ls: file: No such file or directory > > > > > > #!/usr/bin/perl > > > if ($#ARGV != 0) { > > > die "usage: rm-exploit.pl file\r\n"; > > > } else { > > > $file = $ARGV[0]; > > > print "*** CMD: [ /bin/rm -f $file ]\r\n"; > > > print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n"; > > > if ($> == 0) { > > > print "[-] EXECUTING CMD\r\n"; > > > system("/bin/rm -f $file"); > > > print "[-] DONE\r\n"; > > > print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n"; > > > exit(); > > > } else { > > > print "[-] EXPLOIT FAILED\r\n"; > > > print "[-] YOU ARE NOT ROOT\r\n"; > > > print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n"; > > > } > > > } > > > > > > Vender status: > > > Neither FreeBSD nor Linux developers have been contacted yet! > > > > > > -Xenzeo > > > > > > -- > > > ___________________________________________________________ > > > Sign-up for Ads Free at Mail.com > > > http://promo.mail.com/adsfreejump.htm > > > > > > _______________________________________________ > > > Full-Disclosure - We believe in it. > > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
