Full Disclosure mailing list archives
Re: Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate
From: Valdis.Kletnieks () vt edu
Date: Mon, 16 Feb 2004 11:21:39 -0500
On Mon, 16 Feb 2004 16:49:53 +0100, "Dr. Peter Bieringer" said:
logfile=/tmp/LiveUpdate.log <---!!!!!! Impact: Before first run of LiveUpdate (like suggested in doc, user "symantec" does this) a possible race condition via a symlink attack by another user will result in the creation of a new file (as user "symantec") or appending LiveUpdate log to an existent file (owned by user "symantec").
For bonus points, figure out what happens if you reboot and your /etc/fstab has this: none /tmp tmpfs mode=1777 0 0 The gift that keeps on giving. ;)
Attachment:
_bin
Description:
Current thread:
- Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate Dr. Peter Bieringer (Feb 16)
- Re: Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate Valdis . Kletnieks (Feb 16)