Date: Thu, 10 Aug 2000 17:56:30 -0300
From: Fred Souza <cseg@kronus.com.br>
To: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: suidperl exploit
Message-ID: <20000810175630.A4754@torment.secfreak.com>
In-Reply-To: Your message of "Thu, Aug 10 2000 19:29:31 +0200" <Pine.GSO.4.10.10008101904060.733-100000@nenya.ms.mff.cuni.cz>
References: <Pine.GSO.4.10.10008101904060.733-100000@nenya.ms.mff.cuni.cz>

> On FreeBSD, I've not observed the reporting email even after a fair
> amount of time devoted to cause the race-condition.
>
>
> Either because I've not succeeded in causing it, or because suidperl
> avoids reporting the issue.
>
>
> I've not found any security advisory regarding this - can anybody
> comment on this? Has there been a silent fix to this?

This is due to the fact that "/bin/mail" is hard-coded in Perl, and FreeBSD
uses /usr/bin/mail. The only way for it to work would be creating a link
/bin/mail -> /usr/bin/mail, which would be extremely pointless and the admin
who did that should be really hurt. :)
The other way for it would be someone else creating that link, which would
imply that the system has already been compromised -- therefore, why would
the intruder want to "recompromise" the system using that exploit? The only
"reason" I can think of is to "keep a way back", if he/she gets caught by
the sysadm.
--
"The most difficult thing in the world is to know how to do a thing and
to watch someone else do it wrong without comment."
-- Theodore H. White
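
The precondition discussed in the reply above can be checked on a host with the following added example, which is not part of the original message: it reports whether a path named /bin/mail exists (and whether it is a symlink) and whether a set-uid suidperl binary is installed. The function names, the optional root argument and the `suidperl*`/`sperl*` file name patterns are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# All functions take an optional ROOT prefix ("" means the live system),
# so the checks can also be run against a mounted image or a test tree.

# check_mail_path ROOT: print "absent", "present" or "symlink -> TARGET"
check_mail_path() {
    root=${1:-}
    p="$root/bin/mail"
    if [ -L "$p" ]; then
        # A link such as /bin/mail -> /usr/bin/mail recreates the hard-coded path.
        printf 'symlink -> %s\n' "$(readlink "$p")"
    elif [ -e "$p" ]; then
        echo present
    else
        echo absent
    fi
}

# list_suid_perl ROOT: print set-uid files named suidperl* or sperl*
# (name patterns are an assumption) found in the usual bin directories.
list_suid_perl() {
    root=${1:-}
    for d in "$root/bin" "$root/usr/bin" "$root/usr/local/bin"; do
        [ -d "$d" ] || continue
        find "$d" -maxdepth 1 -type f -perm -4000 \
            \( -name 'suidperl*' -o -name 'sperl*' \) -print
    done
}

# mail_precondition ROOT: return 0 only when both conditions hold.
# This says nothing about whether the installed perl version is affected.
mail_precondition() {
    root=${1:-}
    mail=$(check_mail_path "$root")
    suid=$(list_suid_perl "$root")
    if [ "$mail" != absent ] && [ -n "$suid" ]; then
        echo "precondition met: /bin/mail is $mail; set-uid perl: $suid"
        return 0
    fi
    echo "precondition not met: /bin/mail is $mail"
    return 1
}
```

Run `mail_precondition ""` on the host itself; a result of "symlink" on a system that ships mail as /usr/bin/mail is worth investigating regardless of the perl check.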
