Bugtraq mailing list archives
Re: Publically writable directories
From: wfp5p () tigger itc virginia edu (Bill Pemberton)
Date: Tue, 18 Jun 1996 11:57:48 -0400
Thomas Koenig writes:
> When an attacker does
>
> $ ln -s /tmp/some.file /etc/nologin
>
> and has root create /tmp/some.file, the problems are obvious.
>
> Question: Can this also create security problems for a 'normal' user?

Quite easily. What about:

ln -s /tmp/some.file /home/blah/.rhosts

If you can get user blah to open /tmp/some.file and put something like + + in the file (this was the hole with elm).

Or, a simple screw-up-the-user:

ln -s /tmp/some.file /home/blah/.profile

--
Bill Pemberton wfp5p () virginia edu
ITC/Unix Systems flash () virginia edu
University of Virginia uunet!virginia!wfp5p
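Added example (not part of the original message): the defensive side of the problem discussed above, showing how a program that creates files in a shared directory can refuse a pre-planted symlink. The function names, the scratch directory and the file contents are constructed for the demonstration; "profile" stands in for a user's dotfile.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pre-fix behaviour: open-or-create follows a symlink planted at `path`
 * and truncates whatever file the link points to. */
int naive_create(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the name already exists,
 * even as a dangling symlink; O_NOFOLLOW is a second guard. */
int create_new_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch directory: "profile" stands in
 * for the user's dotfile, "some.file" for the pre-planted link.
 * Returns 1 if the dotfile is intact after opener() runs, 0 if it was
 * clobbered, -1 on setup failure. */
int victim_survives(int (*opener)(const char *))
{
    char dir[] = "/tmp/symdemo.XXXXXX", victim[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/profile", dir);
    snprintf(lnk, sizeof lnk, "%s/some.file", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "PATH=/bin\n", 10) != 10) return -1;
    close(fd);
    if (symlink(victim, lnk) != 0) return -1;
    fd = opener(lnk);              /* the program "creating" its temp file */
    if (fd >= 0) close(fd);
    int ok = stat(victim, &st) == 0 && st.st_size == 10;
    unlink(lnk); unlink(victim); rmdir(dir);
    return ok;
}

int main(void)
{
    printf("naive open:    dotfile intact = %d\n", victim_survives(naive_create));
    printf("O_EXCL create: dotfile intact = %d\n", victim_survives(create_new_file));
    return 0;
}
```

A program that gets EEXIST from the hardened call should pick a new unpredictable name (as mkstemp() does) rather than removing the existing entry and retrying.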