Full Disclosure mailing list archives
Re: hard links on Linux create local DoS vulnerability and security problems
From: Seth Breidbart <sethb () panix com>
Date: Mon, 24 Nov 2003 14:47:53 -0500 (EST)
I think that your observation of the ability to keep a security hole open is very interesting, but, fortunately, it should be moot.
Even if not, it's easily avoidable: when you replace a setuid program, truncate the existing file first, then chmod 000, then delete it. The security hole only remains if you merely delete it. Seth _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: hard links on Linux create local DoS vulnerability and security problems, (continued)
- Re: hard links on Linux create local DoS vulnerability and security problems Jakob Lell (Nov 24)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Jeremiah Cornelius (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Peter Busser (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Kurt Seifried (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Michal Zalewski (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Christopher Allene (Nov 26)
- Re: hard links on Linux create local DoS vulnerability and security problems Alan J Rosenthal (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Casper Dik (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Carl Ekman (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Trent Petrasek (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Seth Breidbart (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems I.R.van Dongen (Nov 25)
- Re: hard links on Linux create local DoS vulnerability and security problems Bob Beck (Nov 25)