Bugtraq mailing list archives
Re: [linux-security] Things NOT to put in root's crontab
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Wed, 22 May 1996 15:28:14 -0400
> I was under the impression that find(1) didn't follow symbolic links? Thus, one wouldn't ``find'' /etc/passwd if there was a link to /etc from somewhere in /tmp.
Right. Except that this hole is not quite that simple. It's actually Yet Another Race, but in this case the attacker can rig things to make the race easy to win.

Basically, what it's doing is arranging that when find looks, it's not a symlink, but by the time rm's unlink(2) call looks, it has changed and now is a symlink. Just another race, looking at a pathname once at time T and once at time T+1, depending on the pathname to refer to the same thing both times. (Lots of races fit this description....)

der Mouse
mouse () collatz mcrcim mcgill edu
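Added example, not part of the original message or of find/rm: one way a cleanup job can avoid looking at the same pathname at time T and again at T+1 is to open the directory once with O_NOFOLLOW and unlink relative to that descriptor. The names `safe_remove`, `touch_at`, `demo` and the temp-dir layout are hypothetical; `base` is assumed to be a trusted path, and a full tree walk would repeat the `openat` step at every level.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove base/sub/name without re-resolving a pathname between check and use.
 * "sub" is opened once with O_NOFOLLOW and afterwards used only through its
 * descriptor, so swapping the name "sub" for a symlink cannot redirect the
 * unlink. Returns 0 on success, -1 on refusal or failure. */
int safe_remove(const char *base, const char *sub, const char *name)
{
    int rc = -1;
    int bfd = open(base, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (bfd < 0) return -1;
    /* Fails (ELOOP or ENOTDIR) if "sub" is a symlink at this moment. */
    int sfd = openat(bfd, sub, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (sfd >= 0) {
        rc = unlinkat(sfd, name, 0);   /* relative to the pinned directory */
        close(sfd);
    }
    close(bfd);
    return rc;
}

static void touch_at(int dfd, const char *p) { close(openat(dfd, p, O_CREAT | O_WRONLY, 0600)); }

/* Constructed scenario in a fresh temp dir: "victim/keep" stands in for a
 * file the cleanup job must never delete. Returns 0 if all checks hold. */
int demo(void)
{
    char base[] = "/tmp/toctou-XXXXXX";
    if (!mkdtemp(base)) return -1;
    int d = open(base, O_RDONLY | O_DIRECTORY);
    mkdirat(d, "victim", 0700); touch_at(d, "victim/keep");
    mkdirat(d, "junk", 0700);   touch_at(d, "junk/keep");
    int ok_plain = safe_remove(base, "junk", "keep");     /* real dir: file removed */
    unlinkat(d, "junk", AT_REMOVEDIR);
    symlinkat("victim", d, "junk");                       /* the name is now a symlink */
    int refused = safe_remove(base, "junk", "keep");      /* must be -1 */
    int survived = faccessat(d, "victim/keep", F_OK, 0);  /* must be 0 */
    close(d);
    return (ok_plain == 0 && refused == -1 && survived == 0) ? 0 : 1;
}

int main(void) { return demo(); }
```

The demo exercises the case where the name has already been swapped; a swap after `openat` succeeds is covered because `unlinkat` acts on the directory the descriptor refers to, not on whatever the name points at later.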