Re: Bug in bash <= 4.3 [security feature bypassed]

2014-06-05 Thread Daryl Tester

On 03/06/14 23:46, Hector Marco wrote:


Recently we discovered a bug in bash. After some time after reporting
it to bash developers, it has not been fixed.


...


Any comments about this issue are welcomed.

Details at:
http://hmarco.org/bugs/bash_4.3-setuid-bug.html


I'm only going by the patch presented above, so ...

1.  The program should be calling setgid() before setuid() (which is
another common class of security mistake).

2.  Why is exit() returning values greater than 255?  It's not capable
of doing that under (most) Unix environments.

--
Regards,
 Daryl Tester
 Handcrafted Computers Pty. Ltd.
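
Both points in the reply above can be checked in a few lines of C. This is an added example, not code from the original message or from the patch it refers to; the function names `drop_privileges` and `observed_exit_status` are hypothetical.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently drop to uid/gid; returns 0 on success, -1 on any failure.
 * Order matters: once setuid() has given up root, the process no longer
 * has the privilege to change its groups, so the group calls go first. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root may reset supplementary groups; skip when unprivileged. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)        /* group first ... */
        return -1;
    if (setuid(uid) != 0)        /* ... then user */
        return -1;
    /* Verify the result instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A non-root target must not be able to get root back. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Exit status as the parent sees it: only the low 8 bits survive wait(). */
int observed_exit_status(int code)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(code);             /* child: exit with the requested code */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("exit(256) is seen as %d\n", observed_exit_status(256));
    printf("drop to own ids: %d\n", drop_privileges(getuid(), getgid()));
    return 0;
}
```

An exit code of 256 reaches the parent as 0, so a caller that tests for a zero status treats the failure as success.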


Re: /proc filesystem allows bypassing directory permissions on Linux

2009-10-26 Thread Daryl Tester

Pavel Machek wrote:


So what did happen? User guest was able to work around directory
permissions in the background, using /proc filesystem.

gu...@toy:~$ bash 3< /tmp/my_priv/unwritable_file


Although having an already open handle to the file is kind of cheating. :-)
(well, it isn't, but I think it's a mitigating factor).


# ...until we take a way around it with /proc filesystem. Oops.
gu...@toy:/tmp/my_priv$ echo got you > /proc/self/fd/3


But I understand that the check on the parent directory of the file for
accessibility appears to be missing here, at least to get the same behaviour
as relative file opening.  Despite what Dan says regarding the behaviour as
by design, I find the /proc/fd system under Linux to be, erm, ad hoc, and
the semantics not well documented (if at all).  The Linux implementation seems
to be more filename based rather than file descriptor (which appears to be
the BSD model), which has tripped me up before (e.g.
http://lkml.org/lkml/2008/8/7/25).


--
Regards,
 Daryl Tester

Scheme is an exotic sports car. Fast. Manual transmission. No radio.
Common Lisp is Howl's Moving Castle.
 -- Steve Yegge, comparing Lisp families to cars.


Re: Apple OSX and iDisk and Mail.app

2002-07-26 Thread Daryl Tester

Dale Southard wrote:

 - mac.com SMTP doesn't support encrypted passwords

 Are you sure?

That would depend on how/which smtp service for mac.com is getting resolved.

   myhost{dsouth}:  telnet smtp.mac.com 25

[dt@nipnyep dt]$ dig mx mac.com

;; ANSWER SECTION:
mac.com.                51m20s  IN      MX      10 smtp-mx.mac.com.

[dt@nipnyep dt]$ telnet smtp-mx.mac.com smtp

Trying 204.179.120.49...
Connected to smtp-mx.mac.com.
Escape character is '^]'.
220 smtp-mx.mac.com ESMTP Service
ehlo foo.bar
250-smtpin04.mac.com Hello ... [xxx.xx.xxx.xx], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 3145727
250-ETRN
250-DELIVERBY
250 HELP
quit
221 2.0.0 smtpin04.mac.com closing connection


-- 
Regards,
  Daryl Tester,  Software Wrangler and Bit Herder, IOCANE Pty. Ltd.