1. Forum
  2. Usenet
  3. LINUX.DEBIAN.PORTS.HURD

  • Re: [VULN 3/4] setuid exec race

    From Amos Jeffries@21:1/5 to Sergey Bugaev on Mon Nov 8 21:50:02 2021
    On 3/11/21 05:31, Sergey Bugaev wrote:
    Short description
    =================

    When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is
    accessible through the old process port. This can be exploited to get full root
    access to the system.



    This has been assigned CVE-2021-43411


    Amos

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)