| Next | Classic Unix Security Problems | 16 |
Solution:
The kernel has the script file open already
So no need to mention it by name to Perl
Just give Perl the already-open file descriptor
Instead of /usr/bin/perl bogus.pl:
/usr/bin/perl /dev/fd/3
However, this same attack is a frequent problem with setuid programs
| Next | |
Copyright © 2005 M. J. Dominus |