Bugtraq mailing list archives

Re: Symlinks and Cryogenic Sleep


From: ant () NOTATLA DEMON CO UK (Antonomasia)
Date: Wed, 5 Jan 2000 18:52:49 GMT


My post yesterday seems to have died during moderation.
This happened to my last 2 incidentally - both looked worthwhile to me.

Olaf Kirch:
That's not true for setuid processes. You're allowed to signal a process
if _either_ the effective or the real uid match. Try running passwd in
one window, in another type killall -STOP passwd.

Exactly.  I tested it on linux-2.0.26, linux-2.2.12 and openbsd-2.5.
No doubt Olaf selected SIGSTOP for his example because a handler cannot
be installed for it.

Casper mentions ^Z:
You can, but only from a terminal. (I.e., if you start su/passwd/rsh,
etc, you can ^Z them)

But doesn't ^Z do SIGTSTP instead of SIGSTOP ?
I have no Solaris boxes here to test.

Goetz Babin-Ebell <babinebell () TRUSTCENTER DE> posted some code with
a number of flaws.  It can leak open files as well as be raced.

I have a perl tool for scanning code for file races.    It is based on
a description by Bishop & Dilger of an unpublished scanner they wrote.
http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/scanner-1.0b.tar.gz

My suggestion for upgrading Olaf's original code is to test the owner and
group as well as the device and inode in the lstat,fstat comparison.  Then
an attacker can only switch a file for another of the same owner:group.


--
##############################################################
# Antonomasia   ant () notatla demon co uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
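A check along the lines suggested above (device, inode, owner and group compared between lstat() and fstat()), written here as an added example and not code from Olaf's post or anyone else in the thread. It assumes a POSIX system with O_NOFOLLOW; the /tmp file names and the demo() self-check are constructed for this illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* True when both stat records name the same object with the same owner:group. */
int same_file(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino &&
           a->st_uid == b->st_uid && a->st_gid == b->st_gid;
}

/* Open path read-only. Refuse symlinks, then confirm the descriptor refers to
 * the object lstat() saw; a file swapped in the window between the two calls
 * (e.g. while the process sat stopped) fails the comparison. -1 on mismatch. */
int open_checked(const char *path)
{
    struct stat before, after;
    int fd;
    if (lstat(path, &before) < 0 || S_ISLNK(before.st_mode)) return -1;
    fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &after) < 0 || !same_file(&before, &after)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-check on constructed files under /tmp: a regular file must open and a
 * symlink pointing at it must be refused. Returns 1 when both hold. */
int demo(void)
{
    char file[] = "/tmp/chk-XXXXXX", link[64];
    int fd = mkstemp(file), r, ok = 0;
    if (fd < 0) return 0;
    close(fd);
    snprintf(link, sizeof link, "%s.lnk", file);
    if (symlink(file, link) == 0) {
        r = open_checked(file);
        ok = r >= 0 && open_checked(link) < 0;
        if (r >= 0) close(r);
        unlink(link);
    }
    unlink(file);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

As the post notes, this still lets an attacker substitute another file with the same owner:group, so it narrows the race rather than removing it.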


