brian@ucsd.Edu (Brian Kantor) (03/29/91)
Yes, a suid program will drop a core file upon fault if the ruid and euid, and rgid and egid are equal. Thanks all! - Brian
jfh@rpp386.cactus.org (John F Haugh II) (03/29/91)
In article <30833@ucsd.Edu> brian@ucsd.Edu (Brian Kantor) writes:
>Yes, a suid program will drop a core file upon fault if the ruid and
>euid, and rgid and egid are equal.

... which is a security hole.

consider a program, let's call it "su", that reads privileged information (encrypted passwords from /etc/shadow) and does something (sets the real and effective uid's to the uid value from the password file). if the only check that is made is if the program currently has differing real and effective user id's, i can get a part of the shadowed password file potentially by su'ing to myself and core dumping "su" between the time it does the setuid to my uid and the time it exec's the new shell.

this has been done ...

the moral of the story is that no program which was ever set-uid should =ever= be allowed to dump core.

--
John F. Haugh II        | Distribution to      | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 | GEnie PROHIBITED :-) | Domain: jfh@rpp386.cactus.org
"I want to be Robin to Bush's Batman." -- Vice President Dan Quayle