Bugtraq mailing list archives

Re: Fix for ssh-1.2.27 symlink/bind problem

From: vandry () MLINK NET (Phillip Vandry)
Date: Wed, 6 Oct 1999 17:42:01 -0400

On Solaris, only open(O_CREAT) (w/o O_EXCL) and creat() do so;
the following do not follow symbolic links as the last component of
the pathname:

      mknod (making pipes or devices)
      mkdir
      bind

      (others?)


Others (some are obvious, but, hey, if we're making a list, might as well
be complete):

        link (does not follow second argument if it exists)
        symlink (agin, the second argument)
        rename (obliterates second argument if it exists)

-Phil

Current thread:

Re: Fix for ssh-1.2.27 symlink/bind problem Scott Gifford (Oct 04)
- <Possible follow-ups>
- Re: Fix for ssh-1.2.27 symlink/bind problem Scott Gifford (Oct 04)
  - SCO UnixWare 7.1 local root exploit Brock Tellier (Oct 05)
  - Re: Fix for ssh-1.2.27 symlink/bind problem Casper Dik (Oct 06)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Phillip Vandry (Oct 06)
  - Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 06)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Markus Friedl (Oct 25)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 25)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Markus Friedl (Oct 26)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 27)
    - ExpressFS 2.x FTPServer remotely exploitable buffer overflow vulnerability Luciano Martins (Jul 29)
    - Vulnerability in CMail SMTP Server Version 2.4: Remotely exploitable buffer Luciano Martins (Jul 29)
    - AW: Mac OS 9 Idle Lock Bug Flothow, Sebastian (Oct 29)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Casper Dik (Oct 29)
    - DoS attack for ircd's by oversized PTR record Goblin (Oct 29)

(Thread continues...)