BugTraq
COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 14 2007 03:17PM
Wojciech Purczynski (cliph isec pl) (2 replies)
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 14 2007 09:03PM
Wojciech Purczynski (cliph isec pl) (1 replies)
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 15 2007 12:46PM
Dan Yefimov (dan ns15 lightwave net ru) (1 replies)
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 15 2007 07:09PM
Wojciech Purczynski (cliph isec pl) (1 replies)
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 15 2007 08:50PM
Dan Yefimov (dan ns15 lightwave net ru) (1 replies)
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 15 2007 09:05PM
Wojciech Purczynski (cliph isec pl) (1 replies)
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 15 2007 09:19PM
Dan Yefimov (dan ns15 lightwave net ru) (1 replies)
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 15 2007 09:37PM
Wojciech Purczynski (cliph isec pl)
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 14 2007 06:20PM
Dan Yefimov (dan ns15 lightwave net ru) (2 replies)
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 15 2007 03:23PM
Glynn Clements (glynn gclements plus com) (1 replies)
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 15 2007 05:54PM
Dan Yefimov (dan ns15 lightwave net ru) (1 replies)
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 16 2007 01:18AM
Glynn Clements (glynn gclements plus com)
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 14 2007 08:18PM
Wojciech Purczynski (cliph isec pl)

> I'm not sure this is a real security issue. If some process has the same
> effective UID as the given one, the former can always send any signal to
> the latter. Thus the behaviour you described is IMHO normal.

It becomes a security issue whenever suid process drops user's UIDs.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus