Re: [Exim] Fw: (bugtraq) Exim 3.34 and lower

Author: Tamas TEVESZ
Date:  
To: Florian Laws
CC: exim-users
Subject: Re: [Exim] Fw: (bugtraq) Exim 3.34 and lower
On Thu, 14 Feb 2002, Florian Laws wrote:

> from the manual that Exim does indeed give up root privileges when a
> nonprivileged caller specifies -C, but does it do so before the crash
> occurs?


setgroups32(0, 0)                       = -1 EPERM (Operation not permitted)
setgroups32(0x1, 0xbfff7b84)            = -1 EPERM (Operation not permitted)
setgid32(0x3e8)                         = 0
setuid32(0x3e8)                         = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++



0x3e8 is the caller user's uid and gid. these calls do seem to succeed
before the crash. ok, granted, i don't know much about exploiting
buffer overruns, so this may just as well be a false confirmation.


--
[-]
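
Added example, not part of the original message and not Exim's code: the setgroups/setgid/setuid sequence seen in the trace above, written as a permanent privilege drop that checks every return value and then verifies that root cannot be regained. The function name drop_privileges and the target id 65534 used in main() are assumptions made for the demo.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups()/seteuid() under strict -std= */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to uid/gid for good. Returns 0 only if the drop is complete and
 * root cannot be regained; -1 otherwise (the caller should abort). */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups first: only root may change them, and after
     * the uid is dropped it is too late. A failure while still root is
     * fatal here, never ignored. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;

    /* Group before user: once the uid is gone, setgid() is refused. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify the result instead of trusting return codes alone. */
    if (getgid() != gid || getegid() != gid)
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;

    /* A leftover saved set-user-ID of 0 would let this call succeed. */
    if (uid != 0 && seteuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Demo assumption: as root, drop to 65534 ("nobody" on many Linux
     * systems); otherwise re-assert the ids we already have. */
    int root = (geteuid() == 0);
    uid_t uid = root ? 65534 : getuid();
    gid_t gid = root ? 65534 : getgid();

    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed, aborting\n");
        return 1;
    }
    printf("uid=%d gid=%d, root not recoverable\n", (int)getuid(), (int)getgid());
    return 0;
}
```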