<<< Date Index >>>     <<< Thread Index >>>

Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability



On Wed, 15 Aug 2007, Wojciech Purczynski wrote:

> The problem is that without suid binary execved from parent process you
> can not send the signal. ;) With suid binary you can and that makes this
> issue a privilege escalation vulnerability.
> 
Could you please explain it to me where do you see privilege escalation here?
If the setuid root binary allows arbitrary code execution on getting an 
unexpected signal (but signals are always unexpected due to their asynchronous 
and independent nature), that is the problem with that particular binary, not 
Linux itself. In that case you are right, there is the privilege escalation 
vulnerability, but vulnerability is in that particular binary. Linux itself
has nothing to do with that and should not be blamed at all.
-- 

    Sincerely Your, Dan.