Author: JT Smith
From Net-security.org: “There is a local root compromise in FreeBSD 4.3 due to a design flaw which allows injecting signal handlers in other processes. The problem is rfork(RFPROC|RFSIGSHARE), which shares the signal handlers. If the child does exec() on a setuid program and then the parent sets a signal handler, the signal handler is replicated in the child. The address of the signal handler may be in the environment, and after sending a signal to the child our signal handler gets executed. Examine the code for more information.”