Hi.

This is my first post, so please be gentle ;) Also, sorry if this is a known bug, but i couldn't find anything about it in the archives from the past few months.

i got bored today, so i played around a bit with some stuff... this is one interesting thing i saw ->

[root@busted]-[/tmp]# (ps -aux|grep gcc);ls -la
root 1683 0.0 2.1 856 324 4 S 18:25 0:00 gcc -o z zed.c
<junk snipped>
-rw-rw-r-- 1 root root 33583 Jan 2 18:25 cca02383.i
-rw-rw-r-- 1 root root 0 Jan 2 18:25 cca02383.s
-rw-rw-r-- 1 root root 41 Jan 2 18:56 purly.pl

hrm... this didn't look quite right... i made some symlinks (about 50 or so, rather than spend some time to be accurate) with the names "cca02490.s" to "cca02550.s" to a file called "purly.pl"

Then i ran gcc a few hundred times, just for good measure...

-rwxrwxr-x 1 root root 2386 Jan 2 18:44 purly.pl
[root@busted]-[/tmp]# head purly.pl -n 2
.file "zed.c"
.version "01.01"

hello! this isn't the "hello world!" thing i used to have...

The ramifications of this? Any file that can be read, can be destroyed with some time and effort on the part of an attacker... (Mind you, it might be a *lot* of time, but who knows)

Richard Kenny -- rkennyat_private
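The failure mode reported above, shown beside the hardened open, as an added example that is not part of the original post and is not gcc's own code. It assumes a POSIX system; the scratch directory, the name "cca00001.s" and the file contents are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() and symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: a predictable name opened without O_EXCL follows a planted symlink. */
static int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the name exists, even as a symlink. */
static int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private scratch directory. Returns the target
 * file's size after the write, -2 if the open was refused, -3 on setup error. */
static long run_case(int (*opener)(const char *)) {
    char dir[] = "/tmp/symdemoXXXXXX", victim[64], tmp[64];
    static const char body[] = "print \"hello world!\\n\";\n";   /* 24 bytes */
    static const char out[] = "\t.file\t\"zed.c\"\n";              /* 15 bytes */
    struct stat st;
    long result = -3;
    if (!mkdtemp(dir)) return -3;
    snprintf(victim, sizeof victim, "%s/purly.pl", dir);
    snprintf(tmp, sizeof tmp, "%s/cca00001.s", dir);   /* guessable temp name */
    FILE *f = fopen(victim, "w");
    if (f) { fputs(body, f); fclose(f); }
    if (f && symlink(victim, tmp) == 0) {              /* link already in place */
        int fd = opener(tmp);
        if (fd < 0) {
            result = (errno == EEXIST) ? -2 : -3;
        } else {
            if (write(fd, out, sizeof out - 1) == (ssize_t)(sizeof out - 1) && stat(victim, &st) == 0)
                result = (long)st.st_size;             /* target was overwritten */
            close(fd);
        }
    }
    unlink(tmp); unlink(victim); rmdir(dir);
    return result;
}

int main(void) {
    printf("weak open:   target is now %ld bytes (was 24)\n", run_case(open_tmp_weak));
    printf("O_EXCL open: result %ld (-2 = refused, target untouched)\n", run_case(open_tmp_safe));
    return 0;
}
```

mkstemp() gives the same exclusive-create behaviour together with an unpredictable name, which is the usual replacement for hand-built temporary file names.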
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:18 PDT