Re: Xinetd /tmp race?

From: Jesús Cea Avión (jceaat_private)
Date: Thu Nov 12 1998 - 04:09:07 PST

Next message: Mnemonix: "WARNING: Another ICQ IP address vulnerability"

Previous message: Cory Visi: "Re: [Linux] klogd 1.3-22 buffer overflow"
Maybe in reply to: Balazs Nagy: "Xinetd /tmp race?"
Next in thread: Wayne Schroeder: "Re: Xinetd /tmp race?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> BTW here's the patch:
[...]
> +       if (!(stat(dump_file,
[...]
>         dump_fd = open( dump_file, O_WRONLY + O_CREAT + O_APPEND,

Your patch is vulnerable to race attack. A script issuing "kill -HUP"
and creating links in "/tmp" will succeed in the long run.

Try open with O_CREAT|O_EXCL or lstat+open+fstat.

--
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
jceaat_private http://www.argo.es/~jcea/ _/_/    _/_/  _/_/    _/_/  _/_/
                                      _/_/    _/_/          _/_/_/_/_/
PGP Key Available at KeyServ   _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibnitz

Next message: Mnemonix: "WARNING: Another ICQ IP address vulnerability"
Previous message: Cory Visi: "Re: [Linux] klogd 1.3-22 buffer overflow"
Maybe in reply to: Balazs Nagy: "Xinetd /tmp race?"
Next in thread: Wayne Schroeder: "Re: Xinetd /tmp race?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:56 PDT