On 10-11-09 11:19 AM, Xavier Garcia wrote:
> One should be safe because users need admin rights to write
> there, but playing with setuid binaries is always dangerous.

Well, sure. But I think Nicholas' point was that your escalation ... isn't really such, given that on any unixy system, you need to go to great lengths to allow normal users to write to /lib. If I can write to /lib in order to implement your answer to "how do I escalate privileges with Tavis' exploit," I think that system already has a serious issue, one that goes beyond "it's got a vulnerable version of glibc installed."

> This could be enforced by implementing a 'secure level' in the
> kernel, but then the maintenance of the system could be a
> nightmare. Imagine having to reboot a critical server just
> because the 'secure level' must be disabled in order to
> install patches :)

I don't just imagine it, I've done it. If that's what it takes, then that's what it takes. Your definition of critical may vary from mine though, and mine was the FreeBSD implementation, so I could install _some_ patches without rebooting.

Your point that playing with setuid binaries is dangerous is well taken, but I'm not sure that I see how it applies given your proposed solution. Putting yourself into a situation where normal users can write to /lib is significantly more dangerous.

Mike
