Date: Thu, 10 Aug 2000 17:56:30 -0300 From: Fred Souza <cseg@kronus.com.br> To: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz> Cc: freebsd-security@FreeBSD.ORG Subject: Re: suidperl exploit Message-ID: <20000810175630.A4754@torment.secfreak.com> In-Reply-To: Your message of "Thu, Aug 10 2000 19:29:31 %2B0200" <Pine.GSO.4.10.10008101904060.733-100000@nenya.ms.mff.cuni.cz> References: <Pine.GSO.4.10.10008101904060.733-100000@nenya.ms.mff.cuni.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
> On FreeBSD, I've not observed the reporting email even after a fair > amount of time devoted to cause the race-condition. > > > Either because I've not succeeded in causing it, or because suidperl > avoids reporting the issue. > > > I've not found any security advisory regarding this - can anybody > comment on this? Has there be a silent fix to this? This is due to the fact that "/bin/mail" is hard-coded in Perl, and FreeBSD uses /usr/bin/mail. The only way for it to work would be creating a link /bin/mail -> /usr/bin/mail, which would be extremely pointless and the admin who did that should be really hurt. :) The other way for it would be someone else creating that link, which would imply that the system has already been compromised -- Therefore, why would the intruder want to "recompromise" the system using that exploit? The only "reason" I can think of, is to "keep a way back", if he/she gets caught be the sysadm. -- "The most difficult thing in the world is to know how to do a thing and to watch someone else do it wrong without comment." -- Theodore H. White To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000810175630.A4754>