Midnight Commander (I have version 4.1.8, RedHat 5.0) is launched using the following shell macro:

    mc ()
    {
        # temp file name: shell pid plus a number from 0..32767
        MC=/tmp/mc$$-"$RANDOM"
        # mc -P output (its last working directory) goes to that file
        /usr/bin/mc -P "$@" >"$MC"
        cd "`cat $MC`"
        rm "$MC"
        unset MC
    }

Well, unfortunately it isn't secure. $$ is replaced with the shell's pid (not mc's pid!!!) - usually it's the user's login shell pid, and it may be obtained with 'ps au|grep "\-bash"'. $RANDOM, as everyone knows, generates a pseudo-random integer in the range 0..32767. Well, the 'random' number isn't very random, but even without mathematical tricks we can guess it - when we create e.g. 1000 [sym]links (a few seconds), our chances are about 1/33, and probably the target file will sooner or later be overwritten with mc's last working directory. With 10000 files (it will take maybe half a minute) our chances increase to about 1/3, but it needs more disk activity and may be detected...

Solution? Use mktemp:

    MC=`mktemp mc$$-XXXXXX`

instead of $RANDOM :)))

_______________________________________________________________________
Michal Zalewski [tel 9690] | finger 4 PGP [lcamtufat_private]
To iterate is human, to recurse divine [P. Deutsch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=
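As an added example (not code from the original post or from the mc package), the script below contrasts the predictable-name pattern with the mktemp pattern inside a private scratch directory. The function names, the suffix 12345 and the stand-in target file are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): all names are hypothetical, and everything runs
# inside a private scratch directory, never in the real /tmp.

# The pattern from the post: the name is the shell pid plus a number from
# 0..32767, and '>' opens it following any symlink that already exists there.
write_predictable() {            # $1 = directory, $2 = stand-in for $RANDOM
    MC="$1/mc$$-$2"
    echo "/last/working/dir" >"$MC"
}

# The mktemp pattern: the name is unpredictable and the file is created
# exclusively (O_CREAT|O_EXCL), so a pre-existing symlink is never followed.
write_mktemp() {                 # $1 = directory; prints the file it created
    MC=$(mktemp "$1/mc$$-XXXXXX") || return 1
    echo "/last/working/dir" >"$MC"
    printf '%s\n' "$MC"
}

# Prints "clobbered" or "intact": did a symlink planted at the predictable
# name cause the stand-in target file to be overwritten?
demo() {                         # $1 = "predictable" or "mktemp"
    scratch=$(mktemp -d) || return 1
    target="$scratch/target"
    echo "original contents" >"$target"
    ln -s "$target" "$scratch/mc$$-12345"   # constructed: the guessed name
    case "$1" in
        predictable) write_predictable "$scratch" 12345 ;;
        mktemp)      write_mktemp "$scratch" >/dev/null ;;
    esac
    if [ "$(cat "$target")" = "original contents" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$scratch"
    echo "$result"
}

echo "predictable name: $(demo predictable)"
echo "mktemp:           $(demo mktemp)"
```

The template here carries an explicit directory; a bare template such as mc$$-XXXXXX is created relative to the current directory.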