From: Matan Ziv-Av (matan@arava.co.il)
Date: Sat 24 Oct 1998 - 22:19:32 IST
Hello,

A new zgv vulnerability was discovered (http://csclub.stthomas.edu/~bugtraq/msg02075.html) that is actually an svgalib vulnerability: While svgalib gives up root privileges right after initialization, it keeps an open file descriptor for /dev/mem, which the program can write, and thus gain root access.

The problem is not only with programs that have a stack overflow vulnerability, but also for programs that by design run other (arbitrary) programs (such as zgv, tmview).

The only solution I can think of is using mmap to do something like phys(2) (which is not implemented), and then closing the /dev/mem file descriptor (if it is possible).

Can anyone tell me whether this can work, and if not, is there another solution?

Matan Ziv-Av.
zivav@cs.bgu.ac.il
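On the question of whether mapping and then closing can work: under POSIX a mapping made with mmap stays valid after the descriptor it came from is closed. The following is an added example, not part of the original post and not svgalib code; it uses a temporary file as a stand-in for /dev/mem so it runs unprivileged, and the helper names are hypothetical.

```c
/* Added example: a temp file stands in for /dev/mem so this runs unprivileged. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

#define WIN_LEN 4096

/* Hypothetical helper: map a window, then close fd. NULL on failure. */
static unsigned char *map_then_close(int fd, off_t off, size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, off);
    close(fd);                          /* descriptor is dropped either way */
    return p == MAP_FAILED ? NULL : p;
}

/* 1 if fd no longer names an open descriptor in this process. */
static int fd_is_closed(int fd)
{
    return fcntl(fd, F_GETFD) == -1 && errno == EBADF;
}

/* Returns 0 when the window is still usable after close() and fd is gone. */
int mapping_survives_close(void)
{
    char path[] = "/tmp/devmem-standin-XXXXXX";
    unsigned char back = 0;
    int fd = mkstemp(path), rc = 0;
    if (fd < 0) return 1;
    if (ftruncate(fd, WIN_LEN) != 0) { close(fd); unlink(path); return 2; }

    unsigned char *win = map_then_close(fd, 0, WIN_LEN);
    if (!win) { unlink(path); return 3; }
    if (!fd_is_closed(fd)) rc = 4;      /* nothing left to leak across exec */

    win[0] = 0xA5;                      /* write through the window, no fd held */
    msync(win, WIN_LEN, MS_SYNC);
    int chk = open(path, O_RDONLY);     /* independent read of the backing file */
    if (chk < 0 || pread(chk, &back, 1, 0) != 1 || back != 0xA5) rc = rc ? rc : 5;
    if (chk >= 0) close(chk);
    munmap(win, WIN_LEN);
    unlink(path);
    return rc;
}

int main(void) { return mapping_survives_close(); }
```

The window remains reachable to any code running inside the process, so this narrows exposure to the mapped ranges rather than removing it; a program started with execve inherits neither the descriptor nor the mapping.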