1. Forum
  2. FidoNet
  3. comp.os.linux.misc

  • copy.fail

    From Eli the Bearded@3:633/10 to All on Thursday, April 30, 2026 05:40:55
  • From Ralf Fassel@3:633/10 to All on Thursday, April 30, 2026 16:39:10
  • From jayjwa@3:633/10 to All on Thursday, April 30, 2026 11:25:45
  • From Kenny McCormack@3:633/10 to All on Thursday, April 30, 2026 19:09:06
  • From Richard Kettlewell@3:633/10 to All on Thursday, April 30, 2026 22:41:37
  • From Stéphane CARPENTIER@3:633/10 to All on Friday, May 01, 2026 09:33:16
  • From Marc Haber@3:633/10 to All on Friday, May 01, 2026 13:19:40
  • From Richard Kettlewell@3:633/10 to All on Friday, May 01, 2026 17:48:20
  • From Ralf Fassel@3:633/10 to All on Friday, May 01, 2026 23:17:02
  • From Kenny McCormack@3:633/10 to All on Saturday, May 02, 2026 10:28:49
  • From Kenny McCormack@3:633/10 to All on Saturday, May 02, 2026 12:12:23
  • From Pierre Asselin@3:633/10 to All on Saturday, May 02, 2026 21:46:24
  • From Richard Kettlewell@3:633/10 to All on Saturday, May 02, 2026 23:02:56
  • From Lawrence D?Oliveiro@3:633/10 to All on Saturday, May 02, 2026 23:44:34
  • From Kenny McCormack@3:633/10 to All on Sunday, May 03, 2026 01:12:07
  • From Woozy Song@3:633/10 to All on Sunday, May 03, 2026 11:42:55
  • From Pierre Asselin@3:633/10 to All on Sunday, May 03, 2026 18:11:30
    Richard Kettlewell <invalid@invalid.invalid> wrote:
    [ ... ]
    Stopping unprivileged users getting a file descriptor onto anything that might be executing, or executed, with different credentials would reduce
    risk by excluding all attacks that depended somehow on getting a file descriptor onto the target file. As already noted there?s a problem with shared libraries.

    That doesn't solve anything. Letting an unprivileged user modify
    the cached copy of files is BAAAAD. It doesn't have to be executable
    code. /etc/passwd would be a good one, poke zeros in your uid:gid
    fields, log out, log back in.

    Even without privilege escalation, corrupting (cached copies of) random
    files can wreak havoc.

    --- PyGate Linux v1.5.14
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From Richard Kettlewell@3:633/10 to All on Sunday, May 03, 2026 23:05:40
    pa@see.signature.invalid (Pierre Asselin) writes:
    Richard Kettlewell <invalid@invalid.invalid> wrote:
    [ ... ]
    Stopping unprivileged users getting a file descriptor onto anything that
    might be executing, or executed, with different credentials would reduce
    risk by excluding all attacks that depended somehow on getting a file
    descriptor onto the target file. As already noted there?s a problem with
    shared libraries.

    That doesn't solve anything. Letting an unprivileged user modify
    the cached copy of files is BAAAAD. It doesn't have to be executable
    code. /etc/passwd would be a good one, poke zeros in your uid:gid
    fields, log out, log back in.

    Even without privilege escalation, corrupting (cached copies of) random
    files can wreak havoc.

    FAir point, and one I should have reached myself, given it was kinda
    covered in my earlier post.

    --
    https://www.greenend.org.uk/rjk/

    --- PyGate Linux v1.5.14
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)