> Alan Cox wrote:
> >
> > > If an app can smash its stack and gain root shell without setuid or
> > > root, then it is a problem. If such is the case, please let me know.
> >
> > I don't need a root shell. With pine 3.96 and the old metamail I could quite
> > happily have sent a spam mail that erased zillions of peoples email. No
> > root break but damned annoying 8)
> >
> > Alan
>
> I understand that this could happen. But have you "compromised the
> security of the system?" I really don't think you have. Those are
> still major problems though, I will admit that.
>
> I think I am going to step out of the argument if the
> "non-root-compromising-stack smashes" are going to be included. I have
> a big enough argument with myself over it, not sure I want to get
> involved with it with other people.
>
> Trever
Actaully, say his pine hack does this:
Makes a dir ~/.hidden
put a fake su into ~/.hidden that mails the pwd to him
alters my path to put that dir first.
I then exit pine and SU root.
Opps..
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html