BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability Aug 14 2007 08:18PM
Wojciech Purczynski (cliph isec pl)

> I'm not sure this is a real security issue. If some process has the same
> effective UID as the given one, the former can always send any signal to
> the latter. Thus the behaviour you described is IMHO normal.

It becomes a security issue whenever suid process drops user's UIDs.
...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus