Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability



Small correction - I forgot to add setuid(0) ;)

        PARENT          CHILD
        ----------------------------------------------------------------
        fork()
                        prctl(PR_SET_PDEATHSIG)
                        execve("/bin/setuid-binary")
                        setuid(0)
        exit()'ed or killed
                        child receives NO signal this time


        PARENT          CHILD
        ----------------------------------------------------------------
        fork()
                        prctl(PR_SET_PDEATHSIG)
                        execve("/bin/setuid-binary")
                        setuid(0)
        execve("/bin/setuid-binary")
        exit()'ed or killed
                        privileged process receives the signal
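
A defensive check for the situation in the diagrams above, as an added example that is not part of the original post: a privileged program can read any parent-death signal still armed at startup with PR_GET_PDEATHSIG and clear it before doing privileged work. The helper name, the SIGUSR1 value and the fork-based test scenario are assumptions made for this example.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the advisory): report and clear a
 * parent-death signal armed before this code ran. Returns the signal
 * number that was armed (0 if none), or -1 on error. */
int clear_inherited_pdeathsig(void)
{
    int armed = 0;
    if (prctl(PR_GET_PDEATHSIG, &armed) != 0)
        return -1;
    if (armed != 0 && prctl(PR_SET_PDEATHSIG, 0UL) != 0)
        return -1;
    return armed;
}

/* Constructed scenario: the child arms SIGUSR1 as in the diagrams' prctl()
 * step, then runs the helper where a privileged binary's startup code would.
 * Returns 0 if the signal was seen armed and is cleared afterwards. */
int demo_child_clears_pdeathsig(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int after = -1;
        if (prctl(PR_SET_PDEATHSIG, (unsigned long)SIGUSR1) != 0)
            _exit(100);
        int before = clear_inherited_pdeathsig();
        if (prctl(PR_GET_PDEATHSIG, &after) != 0)
            _exit(101);
        _exit(before == SIGUSR1 && after == 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("child result: %d (0 = armed, then cleared)\n", demo_child_clears_pdeathsig());
    return 0;
}
```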