Bugtraq mailing list archives
Re: Symlinks and Cryogenic Sleep
From: ant () NOTATLA DEMON CO UK (Antonomasia)
Date: Tue, 4 Jan 2000 22:32:16 GMT
Olaf Kirch asked about checking files when you reopen them and questioned the usefulness of
    /* Check the name first, then verify the object actually opened is the one we checked. */
    if (lstat(fname, &stb1) >= 0 && S_ISREG(stb1.st_mode)) {
        fd = open(fname, O_RDWR);
        if (fd < 0 || fstat(fd, &stb2) < 0 || ino_or_dev_mismatch(&stb1, &stb2))
            raise_big_stink();   /* file was switched between lstat() and open() */
    } else {
        /* do the O_EXCL thing */
    }
Mark A. Heilpern <heilpern () MINDSPRING COM> and der Mouse <mouse () RODENTS MONTREAL QC CA> maintain that mortals can only send a SIGSTOP to their own processes. When I send a SIGSTOP to a passwd process (uid=me, euid=0) I get:

    linux 2.0.36:  stopped
    linux 2.2.12:  stopped
    OpenBSD 2.5:   stopped

No doubt Olaf selected SIGSTOP in his example because it cannot be handled.

Goetz Babin-Ebell <babinebell () TRUSTCENTER DE> provided some code which I've not tested but looks as if it will leak open files and will call fopen(cpFile,"a"); first and lstat() afterwards. This could lead to the creation of unintended files at the symlink target. Only comparison to S_IFLNK is done, leaving named pipes in the running. It might also be raced either side of the lstat() call. fstat() is not used.

While I'm on this I'll mention a code scanner I wrote last year for checking file races. It follows a description of an unpublished scanner by Matt Bishop and Michael Dilger and is demonstrated on sendmail-8.6.10. In Perl.

    http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/scanner-1.0b.tar.gz

Olaf's suggested function ino_or_dev_mismatch(&stb1, &stb2) could be extended to check the file's owner and group remain unchanged. This means even if a file is switched the attacker gains nothing - he has to replace it with an equivalent file.

--
##############################################################
# Antonomasia   ant () notatla demon co uk                   #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
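The lstat()/open()/fstat() pattern from Olaf's snippet, with the comparison extended to owner, group and file type as suggested above, worked through as a complete added example. This is not code from the post or from Olaf Kirch; the names reopen_checked() and attrs_mismatch() and the EXDEV return are this example's own choices, and it assumes a POSIX system that supports O_NOFOLLOW (which the 2000-era systems in the thread did not all have; without it the fstat() comparison still catches a switched object). The demo_* helpers build their own scratch files under /tmp so the block runs stand-alone.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1   /* lstat, mkdtemp, symlink, O_NOFOLLOW on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The ino_or_dev_mismatch() idea extended as the post proposes: device and
 * inode, plus owner, group and file type. Nonzero means "not the same object". */
int attrs_mismatch(const struct stat *a, const struct stat *b)
{
    return a->st_dev != b->st_dev
        || a->st_ino != b->st_ino
        || a->st_uid != b->st_uid
        || a->st_gid != b->st_gid
        || (a->st_mode & S_IFMT) != (b->st_mode & S_IFMT);
}

/* Reopen an existing regular file read/write and confirm that the descriptor
 * refers to the object lstat() examined. Returns an fd, or -1 with errno set
 * (ELOOP for a symlink, EINVAL for fifo/device/dir, EXDEV chosen here to
 * mean "the object changed between lstat() and open()"). */
int reopen_checked(const char *path)
{
    struct stat before, after;
    int fd;

    if (lstat(path, &before) < 0)
        return -1;
    if (!S_ISREG(before.st_mode)) {          /* refuse symlinks, fifos, devices */
        errno = S_ISLNK(before.st_mode) ? ELOOP : EINVAL;
        return -1;
    }
    fd = open(path, O_RDWR | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &after) < 0) {
        close(fd);
        return -1;
    }
    if (attrs_mismatch(&before, &after)) {   /* the race window was used */
        close(fd);
        errno = EXDEV;
        return -1;
    }
    return fd;
}

/* Constructed fixture: scratch dir with regular file "target" and symlink "link". */
static int make_fixture(char *dir, size_t dsz, char *target, char *link, size_t psz)
{
    int fd;
    snprintf(dir, dsz, "/tmp/reopenXXXXXX");
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, psz, "%s/target", dir);
    snprintf(link, psz, "%s/link", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    return symlink(target, link);
}

static void drop_fixture(const char *dir, const char *target, const char *link)
{
    unlink(link);
    unlink(target);
    rmdir(dir);
}

/* Returns 1 when a plain regular file reopens cleanly. */
int demo_regular_file(void)
{
    char dir[64], target[128], link[128];
    int fd, ok;
    if (make_fixture(dir, sizeof dir, target, link, sizeof target) < 0)
        return 0;
    fd = reopen_checked(target);
    ok = (fd >= 0);
    if (fd >= 0)
        close(fd);
    drop_fixture(dir, target, link);
    return ok;
}

/* Returns 1 when a symlink is refused outright rather than followed. */
int demo_symlink_rejected(void)
{
    char dir[64], target[128], link[128];
    int fd, ok;
    if (make_fixture(dir, sizeof dir, target, link, sizeof target) < 0)
        return 0;
    fd = reopen_checked(link);
    ok = (fd < 0 && errno == ELOOP);
    if (fd >= 0)
        close(fd);
    drop_fixture(dir, target, link);
    return ok;
}

/* Returns 1 when attrs_mismatch() tells two different objects apart, which is
 * what the fstat() comparison relies on if the path is swapped mid-flight. */
int demo_switched_object(void)
{
    char dir[64], target[128], link[128];
    struct stat a, b;
    int ok;
    if (make_fixture(dir, sizeof dir, target, link, sizeof target) < 0)
        return 0;
    ok = (lstat(target, &a) == 0 && lstat(dir, &b) == 0 && attrs_mismatch(&a, &b));
    drop_fixture(dir, target, link);
    return ok;
}
```

The creation path ("do the O_EXCL thing") is deliberately not part of this example; it only covers the reopen-and-verify half that the thread is debating.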