Full Disclosure mailing list archives
Re: Symlink vulnerabilities
From: Andrew Farmer <andfarm () gmail com>
Date: Thu, 27 Oct 2011 10:31:12 -0700
On 2011-10-27, at 07:48, Valdis.Kletnieks () vt edu wrote:
The other thing that people need to remember is that there's no race condition that's so small that you can't hit it. If there's a race condition, it *can* be won.
And systems like inotify make filesystem races trivial to win. I wouldn't be surprised if you could win this particular race reliably by watching for the files bzexe drops and acting immediately when they show up. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Symlink vulnerabilities, (continued)
- Re: Symlink vulnerabilities vladz (Oct 27)
- Re: Symlink vulnerabilities xD 0x41 (Oct 27)
- Re: Symlink vulnerabilities Jeffrey Walton (Oct 27)
- Re: Symlink vulnerabilities xD 0x41 (Oct 27)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 27)
- Re: Symlink vulnerabilities bugs (Oct 27)
- Re: Symlink vulnerabilities xD 0x41 (Oct 27)
- Message not available
- Re: Symlink vulnerabilities bugs (Oct 27)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 27)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 27)
- Re: Symlink vulnerabilities Andrew Farmer (Oct 27)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 27)
- Re: Symlink vulnerabilities GloW - XD (Oct 27)
- Re: Symlink vulnerabilities halfdog (Oct 27)
- Re: Symlink vulnerabilities xD 0x41 (Oct 27)
- Re: Symlink vulnerabilities Benjamin Renaut (Oct 27)
- Re: Symlink vulnerabilities Benjamin Renaut (Oct 27)
- Re: Symlink vulnerabilities bugs (Oct 27)
- Re: Symlink vulnerabilities Benjamin Renaut (Oct 27)
- Re: Symlink vulnerabilities bugs (Oct 27)
- Re: Symlink vulnerabilities vladz (Oct 27)