Re: Announcement: Phrack 52

From: Olaf Kirch (okirat_private)
Date: Wed Jan 28 1998 - 02:00:22 PST

Next message: Tony Hagale: "Microsoft responds to bug in Exchange Server"

Previous message: Joseph Jay Austin: "Security flaw in htmlscript"
Maybe in reply to: routeat_private: "Announcement: Phrack 52"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

There's a Linux kernel patch floating on the net, and now has been
published in Phrack, that is supposed to make /tmp directories more
secure. In particular, it claims to keep users from creating hard
links in +t directories.

However the patch does not protect the rename call, so the following
should give you a hardlink to passwd in /tmp:

        mkdir /tmp/foo          (no sticky bit on foo)
        ln /etc/passwd /tmp/foo
        mv /tmp/{foo/,}passwd

Cheers
Olaf

Next message: Tony Hagale: "Microsoft responds to bug in Exchange Server"
Previous message: Joseph Jay Austin: "Security flaw in htmlscript"
Maybe in reply to: routeat_private: "Announcement: Phrack 52"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:41:07 PDT