Full Disclosure mailing list archives
Re: Symlink vulnerabilities
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 27 Oct 2011 09:51:33 -0400
On Thu, Oct 27, 2011 at 9:43 AM, xD 0x41 <secn3t () gmail com> wrote:
[SNIP]
This means that right after the "ln" command AND before "/tmp/dd" is
launched, the user can replace the directory "/tmp/dd" by a shell script
with the same name ("/tmp/dd").
You try to change and fiddle here, it would need alot better than just
the current shell scripting, and, even then, i dnt think it would win
the race conditiobn.
See Bishop and Dilger's paper: nob.cs.ucdavis.edu/bishop/papers/1996-compsys/racecond.pdf _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Symlink vulnerabilities, (continued)
- Re: Symlink vulnerabilities xD 0x41 (Oct 25)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 25)
- Re: Symlink vulnerabilities xD 0x41 (Oct 25)
- Re: Symlink vulnerabilities Tavis Ormandy (Oct 25)
- Re: Symlink vulnerabilities Michal Zalewski (Oct 25)
- Re: Symlink vulnerabilities dave bl (Oct 25)
- Re: Symlink vulnerabilities Ryan Sears (Oct 25)
- Re: Symlink vulnerabilities bugs (Oct 25)
- Re: Symlink vulnerabilities vladz (Oct 27)
- Re: Symlink vulnerabilities xD 0x41 (Oct 27)
- Re: Symlink vulnerabilities Jeffrey Walton (Oct 27)
- Re: Symlink vulnerabilities xD 0x41 (Oct 27)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 27)
- Re: Symlink vulnerabilities bugs (Oct 27)
- Re: Symlink vulnerabilities xD 0x41 (Oct 27)
- Message not available
- Re: Symlink vulnerabilities bugs (Oct 27)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 27)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 27)
- Re: Symlink vulnerabilities Andrew Farmer (Oct 27)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 27)
- Re: Symlink vulnerabilities GloW - XD (Oct 27)