On Sun, Apr 19, 2009 at 12:57:26PM -0000, Paul Szabo wrote: > Since I do not know how getspent() or endspent() work, I now wonder > whether chunks of /etc/shadow (other than the line for right user) could > be found in process memory, before or after endspent(). Have so far > failed to read /proc/self/mem in my test program, and wonder if that > feature works in my kernel...
/proc/self/mem is only readable once a process is being PTRACE'd. However, since newgrp is setuid, it cannot be attached to, even after it drops privs. Same for login (it was running as root, and drops privs, but it is still non-ptraceable). -- Kees Cook Ubuntu Security Team -- login, newgrp leak /etc/shadow https://bugs.launchpad.net/bugs/363593 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
