[SECURITY] Simpleinit root exploit

Matthias Benkmann matthias at winterdrache.de
Sun May 26 14:10:29 PDT 2002

On Sun, 26 May 2002 16:49:57 -0400 Gerard Beekmans
<gerard at linuxfromscratch.org> wrote:

> On Sun, May 26, 2002 at 10:24:34PM +0200, Matthias Benkmann wrote:
> > No, maybe this was badly phrased but I meant the term "program" to
> > include boot scripts. Whatever code is executed as bootprog or by code
> > run as bootprog is vulnerable, regardless of whether it's an ELF
> > binary, a Perl script, a shell script or whatever. So the workaround
> > is to be read as"Do not start *anything* that interacts with untrusted
> > users directly or indirectly as bootprog/finalprog/ctrlaltdel". 
> So far for convenience of booting into graphical userinterface at
> boottime. Oh well :)

Well, I've always been happy with startx :-) 
Anyway, if someone really wants to start xdm from a script with a
vulnerable simpleinit, the file descriptor can be closed manually like

exec 3>&-

This closes file descriptor 3 (which is usually the dangerous one).


The real art of conversation
is not only to say the right thing at the right time,
but also to leave unsaid the wrong thing at the tempting moment.

Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message

More information about the lfs-security mailing list