Reply to post: Re: The real culprit

Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

Destroy All Monsters Silver badge
Holmes

Re: The real culprit

Is the deliberately holed *nix security model. Once again a SUID/setuid utility strikes.

You are very confused and clearly don't understand where the problem lies: it comes from the fact that an admin program (in this case, the newgrp) changes its behaviour (here, indirectly) based on input from a dubious low-privilege source (here, an environment variable).

This can happen in any system in which the user from time to time needs to have the system perform an operation with privileges that are higher than he has himself.

Which happen to be all of them. Even the bureaucratic ones.

This is also why setuid programs should always scrub their environment before they perform their operation.
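
The environment scrubbing described in the comment above, sketched in C as an added example that is not part of the original post: a privileged helper builds a new environment from an allow-list instead of trusting the caller's. The function names, the allow-list, the fixed `PATH` and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Variables the privileged helper agrees to inherit (assumed list). */
static const char *const ALLOWED[] = { "TERM", "LANG", "LC_ALL", NULL };
/* Values set by the helper itself, never taken from the caller. */
static const char *const FIXED[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Return the first "NAME=value" entry for name, or NULL if absent. */
static const char *lookup(char *const env[], const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=')
            return env[i];
    return NULL;
}

/* Build a fresh NULL-terminated environment from an untrusted one.
 * Anything not on the allow-list is dropped; NULL means "refuse to run". */
char **scrub_environment(char *const untrusted[]) {
    size_t cap = sizeof ALLOWED / sizeof *ALLOWED + sizeof FIXED / sizeof *FIXED;
    char **clean = calloc(cap, sizeof *clean);
    size_t used = 0;
    if (clean == NULL) return NULL;
    for (size_t i = 0; FIXED[i] != NULL; i++)
        clean[used++] = (char *)FIXED[i];
    for (size_t i = 0; ALLOWED[i] != NULL; i++) {
        const char *e = lookup(untrusted, ALLOWED[i]);
        /* Reject values with '/' or '%': no paths, no format strings. */
        if (e != NULL && strpbrk(strchr(e, '=') + 1, "/%") == NULL)
            clean[used++] = (char *)e;
    }
    return clean; /* calloc already zeroed the terminating slot */
}

int main(void) {
    /* Constructed sample of what an unprivileged caller might pass in. */
    char *sample[] = { "PATH=/tmp/bin:/usr/bin", "LD_PRELOAD=/tmp/x.so",
                       "TERM=xterm", "LANG=../../tmp/x", NULL };
    char **clean = scrub_environment(sample);
    if (clean == NULL) return 1;
    /* A real helper would pass `clean` to execve() or assign it to environ. */
    for (size_t i = 0; clean[i] != NULL; i++) puts(clean[i]);
    free(clean);
    return 0;
}
```

The allow-list direction matters: a deny-list only removes the variables its author already knew to be dangerous, while this version ignores any variable it was not written to expect.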


Biting the hand that feeds IT © 1998–2019