Bugtraq mailing list archives

Re: smbd remote file creation vulnerability


From: Michal Zalewski <lcamtuf () bos bindview com>
Date: Wed, 27 Jun 2001 18:48:18 -0400 (EDT)

On Wed, 27 Jun 2001, Wichert Akkerman wrote:

Linux kernels with openwall patch (with restricted links in /tmp) are
immune to this type of attack (following symlinks does not work, link
owner does not match with file's owner).

If symlinks don't work you can still use a hardlink though.

Another thing you can do is create a symlink pointing to a non-existing
file. You can create a new boot script, configuration files like
ld.so.preload or whatever you want.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
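
Added example, not part of the original message or of Samba's code: one way a program that writes into a shared directory such as /tmp can refuse all three link cases raised in this thread (a symlink, a hardlink, and a symlink to a non-existing file) without depending on a kernel patch. The function names and the temp-directory demo are constructed for illustration; the ELOOP result for O_NOFOLLOW is Linux behaviour.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* New file: O_CREAT|O_EXCL fails with EEXIST on any existing name, even a dangling symlink. */
int create_new_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Existing file: O_NOFOLLOW refuses a symlink (ELOOP); fstat() on the open
 * descriptor then rejects hardlinked, foreign or non-regular files. */
int open_existing_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed demo in a private temp directory; returns the number of failed checks. */
int run_demo(void)
{
    char dir[] = "/tmp/linkdemo.XXXXXX";
    int fd, bad = 0;
    if (!mkdtemp(dir) || chdir(dir) != 0 || symlink("absent", "dangling") != 0)
        return -1;
    bad += !(create_new_file("dangling") < 0 && errno == EEXIST);   /* dangling symlink */
    bad += !(open_existing_file("dangling") < 0 && errno == ELOOP); /* symlink refused */
    bad += (fd = create_new_file("file")) < 0;                      /* unused name is fine */
    if (fd >= 0) close(fd);
    if (link("file", "hardlink") != 0) return -1;
    bad += !(open_existing_file("hardlink") < 0 && errno == EPERM); /* st_nlink is 2 */
    unlink("hardlink");
    bad += (fd = open_existing_file("file")) < 0;                   /* back to one link */
    if (fd >= 0) close(fd);
    unlink("dangling"); unlink("file"); rmdir(dir);
    return bad;
}

int main(void) { return run_demo(); }
```

The checks run on the already-open descriptor with fstat(), so the file cannot be swapped between the check and the use.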

