Re: Bug in bash = 4.3 [security feature bypassed]
On 03/06/14 23:46, Hector Marco wrote: Recently we discovered a bug in bash. After some time after reporting it to bash developers, it has not been fixed. ... Any comments about this issue are welcomed. Details at: http://hmarco.org/bugs/bash_4.3-setuid-bug.html I'm only going by the patch presented above, so ... 1. The program should be calling setgid() before setuid() (which is another common class of security mistake). 2. Why is exit() returning values greater than 255? It's not capable of doing that under (most) Unix environments. -- Regards, Daryl Tester Handcrafted Computers Pty. Ltd.
Re: /proc filesystem allows bypassing directory permissions on Linux
Pavel Machek wrote: So what did happen? User guest was able to work around directory permissions in the background, using /proc filesystem. gu...@toy:~$ bash 3 /tmp/my_priv/unwritable_file Although having an already open handle to the file is kind of cheating. :-) (well, it isn't, but I think it's a mitigating factor). # ...until we take a way around it with /proc filesystem. Oops. gu...@toy:/tmp/my_priv$ echo got you /proc/self/fd/3 But I understand that the check on the parent directory of the file for accessibility appears to be missing here, at least to get the same behaviour as relative file opening. Despite what Dan says regarding the behaviour as by design, I find the /proc/fd system under Linux to be, erm, ad hoc, and the semantics not well documented (if at all). The Linux implementation seems to be more filename based rather than file descriptor (which appears to be the BSD model), which has tripped me up before (e.g. http://lkml.org/lkml/2008/8/7/25). -- Regards, Daryl Tester Scheme is an exotic sports car. Fast. Manual transmission. No radio. Common Lisp is Howl's Moving Castle. -- Steve Yegge, comparing Lisp families to cars.
Re: Apple OSX and iDisk and Mail.app
Dale Southard wrote: - mac.com SMTP doesn't support encrypted passwords Are you sure? That would depend on how/which smtp service for mac.com is getting resolved. myhost{dsouth}: telnet smtp.mac.com 25 [dt@nipnyep dt]$ dig mx mac.com ;; ANSWER SECTION: mac.com.51m20s IN MX10 smtp-mx.mac.com. [dt@nipnyep dt]$ telnet smtp-mx.mac.com smtp Trying 204.179.120.49... Connected to smtp-mx.mac.com. Escape character is '^]'. 220 smtp-mx.mac.com ESMTP Service ehlo foo.bar 250-smtpin04.mac.com Hello ... [xxx.xx.xxx.xx], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 3145727 250-ETRN 250-DELIVERBY 250 HELP quit 221 2.0.0 smtpin04.mac.com closing connection -- Regards, Daryl Tester, Software Wrangler and Bit Herder, IOCANE Pty. Ltd.