Subject: Re: Addition to force open to open only regular files
To: NetBSD Kernel Technical Discussion List <tech-kern@netbsd.org>
From: Ignatios Souvatzis <ignatios@cs.uni-bonn.de>
List: tech-kern
Date: 11/30/2000 22:23:03
--YZ5djTAD1cGYuMQK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Thu, Nov 30, 2000 at 03:52:14PM -0500, Greg A. Woods wrote:
> Yeah, but buffer overflow exploits are successful exclusively because
> the code that suffers them still has set-ID privileges.
No. They are successful as the set ID because the code has set-ID priviliges.
They are still successfull to get control over the original ID for non-setid
programs.
-is
--YZ5djTAD1cGYuMQK
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: 2.6.i
iQEVAgUBOibFMzCn4om+4LhpAQFQXQgAv/KQ4EFi1w8Df1yqp/vujEUPjx4ykbrg
7/874ScoUW7qjdCuG0arMcxsnzgiBCv7gE+2WVh/UAR/oiSlgjREHLYn5kYuW5zA
3WkSEUh08lNXBeJsPaeVEClQGoKsk0TCDfZBxTQwV0aA8Q3Z1Hi1gRTFFhUoJdR7
adAKDjjMc3bGPb+s1K0+i36dJcuXSDdamL0W9e0KH2XlymGQCSC/1dRaNzDEIMUR
mszB8ZEhT7cVy6uI0tgccGj7Yf1BTSbuANkMwwxE5+p3AtttplzE0ukBzcIrdRM5
FmQxFiSHAzxAMucpoTUZNr74DAWqJ+AA3f4FMPw84J1cNVFc8pOEjQ==
=rWBb
-----END PGP SIGNATURE-----
--YZ5djTAD1cGYuMQK--