Re: XFree86 3.1.2 Security Problems

[nreadwin () london micrognosis com (Neil Readwin)]

Anthony C. Zboralski writes:
> Maybe someone could take a look at the server sources so it does a
> system("/bin/rm /tmp/.tX0-lock") just before it a write to the file..

That doesn't fix it since it leaves a race condition that could be
exploited using something like ...

        while(stat(TmpFile, &fileinfo) == 0)
                ;
        symlink(TargetFile, TmpFile);
--
 nreadwin () micrognosis co uk       Phone: +1 908 855 1221 x519
 Anything is a cause for sorrow that my mind or body has made