oss-sec mailing list archives

Re: Untrusted fs and invalid filenames

From: Eitan Adler <lists () eitanadler com>
Date: Sun, 13 Mar 2011 15:18:27 -0500

On Sat, Mar 12, 2011 at 12:03 PM, Vasiliy Kulikov <segoon () openwall com> wrote:

This is a resumption of the subject "Physical access vulnerabilities and
auto-mounting" brought by Dan Rosenberg.  The previous discussion was
about possible attacks the kernel, now I'd like to talk about attacks
userland programs.


http://www.dwheeler.com/essays/fixing-unix-linux-filenames.html and
http://www.dwheeler.com/essays/filenames-in-shell.html are relevant
here.




-- 
Eitan Adler

Current thread:

Untrusted fs and invalid filenames Vasiliy Kulikov (Mar 12)
- Re: Untrusted fs and invalid filenames Steve Grubb (Mar 13)
- Re: Untrusted fs and invalid filenames Eitan Adler (Mar 13)
- Re: Untrusted fs and invalid filenames Stephan Mueller (Mar 14)
  - Re: Untrusted fs and invalid filenames Dan Rosenberg (Mar 14)
    - Re: Untrusted fs and invalid filenames Stephan Mueller (Mar 14)
    - Re: Untrusted fs and invalid filenames Steve Grubb (Mar 14)
    - Re: Untrusted fs and invalid filenames Vasiliy Kulikov (Mar 14)
  - Re: Untrusted fs and invalid filenames Ludwig Nussel (Mar 14)
    - Re: Untrusted fs and invalid filenames Steve Grubb (Mar 14)