oss-sec mailing list archives
Re: Re: [LightDM] Version 1.0.6 released
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Fri, 11 Nov 2011 13:27:13 -0500
On Fri, 2011-11-11 at 10:05 +0000, John Haxby wrote:
> On 11/11/11 08:06, Guido Berhoerster wrote:
> > Replacing the file between the lstat and the open would change its inode
> > and then be caught by the check before the fchown, no?
>
> Nope. There is no reason why the same inode should not be reused. On ext4 (btrfs seems to be different):
>
>     $ touch test; ls -i test; rm test; touch test; ls -i test
>     656078 test
>     656078 test
>
> jch

How about the attached patch?

Marc.
Attachment: 04_CVE-2011-4105.patch
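The exchange above turns on comparing the inode seen by lstat() with the one seen after open(), which the quoted ext4 output shows is unreliable because an inode number can be reused. As an added example (not the attached patch, whose contents this page does not show, and not LightDM code), the following makes every decision on the open descriptor so no inode comparison is needed; the helper name `chown_regular_nofollow` and its refusal policy are assumptions.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_NOFOLLOW, O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: change ownership of `path` only if it is a plain,
 * singly-linked regular file, deciding everything on the open descriptor.
 * Returns 0 on success, -1 with errno set on refusal or failure. */
int chown_regular_nofollow(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int saved;
    /* O_NOFOLLOW: fail with ELOOP if the final component is a symlink.
     * O_NONBLOCK: do not hang if a FIFO has been placed at the path. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* fstat() describes the object actually held open, so there is no
     * earlier lstat() result to compare against. */
    if (fstat(fd, &st) != 0)
        goto fail;
    if (!S_ISREG(st.st_mode)) {      /* device, FIFO, directory, ... */
        errno = EINVAL;
        goto fail;
    }
    if (st.st_nlink != 1) {          /* another name refers to this inode */
        errno = EMLINK;
        goto fail;
    }
    /* fchown() acts on the descriptor, not on whatever the name
     * resolves to by now. */
    if (fchown(fd, uid, gid) != 0)
        goto fail;
    return close(fd);

fail:
    saved = errno;                   /* keep the reason across close() */
    close(fd);
    errno = saved;
    return -1;
}
```

O_NOFOLLOW only covers the final path component; symlinks in parent directories are still followed, so a caller working inside a user-writable directory has to open that directory safely as well.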