[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability

To: Dan Yefimov <dan@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
From: Wojciech Purczynski <cliph@xxxxxxx>
Date: Tue, 14 Aug 2007 22:18:38 +0200 (CEST)

> I'm not sure this is a real security issue. If some process has the same
> effective UID as the given one, the former can always send any signal to
> the latter. Thus the behaviour you described is IMHO normal.

It becomes a security issue whenever suid process drops user's UIDs.

Follow-Ups:
- Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
  - From: Dan Yefimov

References:
- Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
  - From: Dan Yefimov

Prev by Date: TPTI-07-14: HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities
Next by Date: ZDI-07-046: Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability
Previous by thread: Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
Next by thread: Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
Index(es):
- Date
- Thread