[SECURITY] Simpleinit root exploit

Matthias Benkmann matthias at winterdrache.de
Sun May 26 14:10:29 PDT 2002


On Sun, 26 May 2002 16:49:57 -0400 Gerard Beekmans
<gerard at linuxfromscratch.org> wrote:

> On Sun, May 26, 2002 at 10:24:34PM +0200, Matthias Benkmann wrote:
> > No, maybe this was badly phrased but I meant the term "program" to
> > include boot scripts. Whatever code is executed as bootprog or by code
> > run as bootprog is vulnerable, regardless of whether it's an ELF
> > binary, a Perl script, a shell script or whatever. So the workaround
> > is to be read as "Do not start *anything* that interacts with untrusted
> > users directly or indirectly as bootprog/finalprog/ctrlaltdel". 
> 
> So far for convenience of booting into graphical user interface at
> boot time. Oh well :)

Well, I've always been happy with startx :-) 
Anyway, if someone really wants to start xdm from a script with a
vulnerable simpleinit, the file descriptor can be closed manually like
this

exec 3>&-

This closes file descriptor 3 (which is usually the dangerous one).

MSB

-- 
The real art of conversation
is not only to say the right thing at the right time,
but also to leave unsaid the wrong thing at the tempting moment.
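
The workaround above, generalized as an added example that is not part of the original message: a boot-script helper that closes every inherited descriptor from 3 to 9, not only 3, before the service is started. The function names and the CLOSED_FDS variable are made up for this sketch, and it assumes a POSIX sh.

```shell
#!/bin/sh
# Added example, not code from the original post. Names are hypothetical.

# fd_is_open N: succeed if descriptor N is open in the current shell.
# The dup is attempted in a subshell, so a failure cannot abort the caller.
fd_is_open() {
    ( : <&"$1" ) 2>/dev/null
}

# close_inherited_fds: close every open descriptor in 3..9 and record the
# numbers in CLOSED_FDS. POSIX sh only guarantees single-digit descriptors
# in redirections, so the range stops at 9.
# Call it directly, never inside $(...): a subshell would close only its
# own copies and leave the descriptors open in the boot script.
close_inherited_fds() {
    CLOSED_FDS=""
    for fd in 3 4 5 6 7 8 9; do
        if fd_is_open "$fd"; then
            eval "exec $fd>&-"
            CLOSED_FDS="${CLOSED_FDS}${CLOSED_FDS:+ }$fd"
        fi
    done
}

# start_clean CMD [ARGS...]: drop the leftovers, log what was dropped,
# then replace the shell with the service so nothing is inherited.
start_clean() {
    close_inherited_fds
    if [ -n "$CLOSED_FDS" ]; then
        echo "closed inherited descriptors: $CLOSED_FDS" >&2
    fi
    exec "$@"
}

# In a boot script (command name is only an illustration):
#   start_clean xdm
```

A non-empty log line from start_clean is itself a useful signal that the init in use is handing descriptors down to its children.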
