[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: i386/575: /sbin/ping world-executable

To: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
Subject: Re: i386/575: /sbin/ping world-executable
From: Julian Fondren <julian@imaji.net>
Date: Sat, 15 Aug 1998 20:46:28 -0500 (CDT)
cc: bugs@cvs.openbsd.org

of course I did. 



On Sat, 15 Aug 1998, Angelos D. Keromytis wrote:

> Date: Sat, 15 Aug 1998 01:30:01 -0600 (MDT)
> From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
> To: bugs@cvs.openbsd.org
> Subject: Re: i386/575: /sbin/ping world-executable
> 
> The following reply was made to PR i386/575; it has been noted by GNATS.
> 
> From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
> To: gnats@openbsd.org
> Cc: abyss@abyss.imaji.net
> Subject: Re: i386/575: /sbin/ping world-executable
> Date: Sat, 15 Aug 1998 03:19:42 EDT
> 
>  -----BEGIN PGP SIGNED MESSAGE-----
>  
>  To: gnats@openbsd.org
>  Subject: Re: i386/575: /sbin/ping world-executable
>  Cc: abyss@abyss.imaji.net
>  Date: 08/15/98, 03:19:38
>  
>  
>  >Description:
>  >        /sbin/ping is world-executable, meaning that joe user can ping flood
>  >        or whatever. It is normal for other OS's to allow ping for everyone,
>  >        but this appears to be a bug due to ping being in /sbin, rather than
>  >        /bin or /usr/bin
>  >How-To-Repeat:
>  >        become a user in i386 OpenBSD 2.3, and call /sbin/ping 
>  
>  What are you talking about ?
>  
>  coredump_angelos_38_$_cat /kern/osrelease
>  2.3
>  coredump_angelos_39_$_id
>  uid=24224(angelos) [snip]
>  coredump_angelos_40_$_ping -f dsl
>  ping: Operation not permitted
>  coredump_angelos_41_$_ping -f localhost
>  ping: Operation not permitted
>  
>  Did you actually try doing whatever you're describing, in OpenBSD ?
>  - -Angelos
>  
>  
>  
>  -----BEGIN PGP SIGNATURE-----
>  Version: 2.6.3i
>  Charset: noconv
>  Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
>  
>  iQEVAwUBNdU2incrsxJuc7vBAQH4dgf/dOhPwn+WYMCJYLJJK/JMWZ2ni/Q0/9A6
>  O8fbPbB1Np86xSRnERbfjvOhtY8pk0I0+nmPMIU/XQnlOS5HWyj2O/jcDqwvcBwt
>  7GEUogOJWW7/lfSucgdZ5aLkucwUfXXIym4qVad2//y9H0/Map8JMEYcdkwQR7lH
>  cCw04DH5Bi91bhJd2qMXaKM78dInqVQEVmNfajrdIcmxmfoqNFuXricSPm5/f8Qs
>  MTWTvCj4DRb85susr6U0odz3JgXnDj28btehpOauLiZZxnU36lqYuFmYEJ8SMrZ7
>  Nn7m7myUa2+Oit8Pau5mmNjnrJq0pIwWXYRqbIp7fjZ/IG6y/PzVNA==
>  =B2jm
>  -----END PGP SIGNATURE-----
>  
>

References:
- Re: i386/575: /sbin/ping world-executable
  - From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

Prev by Date: Re: i386/575
Next by Date: Re: i386/575
Prev by thread: Re: i386/575: /sbin/ping world-executable
Next by thread: Re: i386/575
Index(es):
- Date
- Thread