[SECURITY] Simpleinit root exploit

Rob 'Feztaa' Park feztaa at shaw.ca
Sun May 26 22:23:27 PDT 2002


Alas! Matthias Benkmann spake thus:
> On Sun, 26 May 2002 16:49:57 -0400 Gerard Beekmans
> <gerard at linuxfromscratch.org> wrote:
> 
> > On Sun, May 26, 2002 at 10:24:34PM +0200, Matthias Benkmann wrote:
> > > No, maybe this was badly phrased but I meant the term "program" to
> > > include boot scripts. Whatever code is executed as bootprog or by code
> > > run as bootprog is vulnerable, regardless of whether it's an ELF
> > > binary, a Perl script, a shell script or whatever. So the workaround
> > > is to be read as "Do not start *anything* that interacts with untrusted
> > > users directly or indirectly as bootprog/finalprog/ctrlaltdel". 
> > 
> > So far for convenience of booting into graphical user interface at
> > boot time. Oh well :)
> 
> Well, I've always been happy with startx :-) 
> Anyway, if someone really wants to start xdm from a script with a
> vulnerable simpleinit, the file descriptor can be closed manually like
> this
> 
> exec 3>&-

Is it possible to list open filehandles? I don't suppose that 
'ls -l /dev/fd/' would cut it, eh? (this seems to list *ls*'s open
filehandles... odd).

-- 
Rob 'Feztaa' Park
http://members.shaw.ca/feztaa/
--
No skis take rocks like rental skis!
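
The descriptor handling discussed above, as an added example that is not part of the original message or thread: shell functions that inspect the shell's own descriptor table and close inherited descriptors before anything else is started. It assumes Linux with /proc mounted; the function names and the `demo` argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux with /proc mounted;
# all function names are hypothetical.

# True if descriptor $1 is open in this shell. $$ is expanded by the shell, so
# /proc/$$/fd is the shell's own table. /dev/fd points at /proc/self/fd, which
# resolves to whichever process opens it: `ls -l /dev/fd/` therefore shows ls.
fd_is_open() {
    [ -L "/proc/$$/fd/$1" ]
}

# Show every descriptor open in this shell together with its target.
list_shell_fds() {
    ls -l "/proc/$$/fd/"
}

# Close inherited descriptors 3-9 so nothing started later receives them.
# POSIX sh only guarantees single-digit descriptors in redirections and shells
# park private descriptors at 10 and above, so those are reported, not closed.
# The numbers that were closed are left in CLOSED_FDS.
close_inherited_fds() {
    CLOSED_FDS=""
    for entry in /proc/$$/fd/*; do
        fd=${entry##*/}
        fd_is_open "$fd" || continue      # drops the glob's own transient fd
        case "$fd" in
            [0-2]) ;;                     # keep stdin, stdout, stderr
            [3-9]) eval "exec $fd>&-"     # for fd 3 this is: exec 3>&-
                   CLOSED_FDS="$CLOSED_FDS $fd" ;;
            *)     echo "fd $fd is still open" >&2 ;;
        esac
    done
}

# Demo: run as `sh thisfile demo`. Descriptor 3 on /dev/null is a constructed
# stand-in for a descriptor leaked by the parent process.
if [ "${1:-}" = "demo" ]; then
    exec 3>/dev/null
    list_shell_fds
    close_inherited_fds
    echo "closed:$CLOSED_FDS"
    list_shell_fds
fi
```

In a boot script, `close_inherited_fds` would be called immediately before the line that starts the long-running program.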