Security Basics mailing list archives
Re: Creating file on login
From: Vishal <dhrakol () myrealbox com>
Date: Thu, 27 Nov 2003 14:33:54 -0500
Hi Fausto

Thursday, November 27, 2003, 6:34:46 AM, you wrote:

F> I have a system that when one try to login it create a file with the
F> name of the user that tried to log.
F> The problem is that if the do not exists the system creates the file
F> with the invalid user...
F> Can we do some exploit in this case...??
F> Is this problem dangerous...

F> Fausto Catvalho

Many questions spring to mind. To start with:

1. What kind of system is it?
2. What kind of file is created? text/binary..what format?
3. Where is it created?
4. What are the default access controls on this particular location? And on the file itself?
5. Is the system connected to a network? What kind of network? Who can access this system?

This problem could have many many answers depending on context...

Cheers,
--
Vishal