Vulnerability Development mailing list archives
Re: BSD chfn bug
From: imp () VILLAGE ORG (Warner Losh)
Date: Tue, 28 Dec 1999 10:05:40 -0700
In message <19991228165015.94446.qmail () hotmail com> "FARAZ JAMSHED" writes: : >>In message <Pine.LNX.4.20.9912251656310.23074->>100000 () pet notbsd org> : >>"Stanislav N. Vardomskiy" writes: : >>: This just *might* be a problem. : > : >Not the way you think. You have no control over the name of the file : >created. : > : >Warner : : yes we could have control by setting the right UMASK settings... How? It creates the file in /etc. You must have write permissions to the directory in order to rename files, which you won't have unless you are already root. Setting the permissions on the *file* won't change this at all. You still can't rename it (and I did try just now). And since chfn, et al use mkstemp, you can't race it either. Warner
Current thread:
- Re: BSD chfn bug FARAZ JAMSHED (Dec 28)
- Re: BSD chfn bug Warner Losh (Dec 28)
- Re: BSD chfn bug (aka ssh quirks/killing thread) Blue Boar (Dec 28)
- leaky kernel ? ;) mIV (Dec 29)
- Re: leaky kernel ? ;) H D Moore (Dec 29)
- Re: leaky kernel ? ;) Wakko Ellington Warner-Warner III (Dec 30)
- Re: leaky kernel ? ;) Andrei D. Caraman (Dec 30)