Re: [Fwd: Truth about ssh 1.2.27 vulnerability]

From: Chris Keane (Chris.Keaneat_private)
Date: Fri Oct 01 1999 - 11:39:20 PDT

  • Next message: Scott Gifford: "Fix for ssh-1.2.27 symlink/bind problem"

    >>>>> On Thu, 30 Sep 1999, "JL" = Jeff Long wrote:
    
      JL> Seeing the race problems with the previous two patches I thought I
      JL> would take a shot at one.  It changes the effective uid/gid to the
      JL> user logging in before doing the bind() (and then resets them after)
      JL> which seems to take care of the problem.  [ ... ]  The bind() will
      JL> fail if a symlink exists to a file that the user would normally not
      JL> be able to write to (such as /etc/nologin).
    
    Surely this still isn't ideal, though?  It now won't overwrite root-owned
    files, so the security hazard isn't there, but anyone on the system can
    still fool a user into overwriting one of his own files, which is not
    great.
    
    Or have I missed something?
    
    Cheers,
    Chris.
    
    ------------------------------------------------------------------- ><> ---
        Hardware Compilation Group, Oxford University Computing Laboratory,
                Wolfson Building, Parks Road, Oxford, OX1 3QD, U.K.
        tel:  +44 (1865) (2)73865      e-mail:  Chris.Keaneat_private
                http://www.comlab.ox.ac.uk/oucl/users/chris.keane/
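Added illustration, not code from this thread and not from ssh 1.2.27: the messages above discuss a bind() on a predictable Unix-domain socket path that an attacker can pre-empt with a symlink, a patch that switches euid/egid to the user around the bind() (which needs root and is not reproduced here), and Chris's point that the user's own files can still be clobbered. One way to make bind() safe against both is shown below: put the socket in a fresh mode-0700 directory from mkdtemp(), verify that directory with lstat(), and refuse to bind if anything at all already sits at the socket name. Because the check uses lstat() rather than bind() to detect a planted link, it does not depend on whether bind() follows symlinks on the reader's system. The base directory /tmp, the names sock-XXXXXX, plant-XXXXXX and agent.<pid>, and the /etc/nologin link target (a string only, the file is never touched) are this example's own choices.

```c
/* Added example, not from the thread or from ssh 1.2.27.  Creates a
 * per-user Unix-domain socket so that no other local user can hand
 * bind() a pre-existing path (symlink or otherwise) to follow. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* 0 if nothing at all sits at 'path' (ENOENT), -1 otherwise.  lstat()
 * reports a symlink itself instead of following it, so a link planted
 * at the socket name (to /etc/nologin, or to one of the victim's own
 * files) is caught before bind() ever sees it. */
int path_is_absent(const char *path)
{
    struct stat st;
    if (lstat(path, &st) == 0)
        return -1;
    return (errno == ENOENT) ? 0 : -1;
}

/* 0 if 'dir' is a real directory (not a symlink), owned by the caller,
 * with no group/other permission bits; -1 otherwise. */
int private_dir_ok(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0)
        return -1;
    return 0;
}

/* Make a private directory under 'base' (assumed: "/tmp") and bind a
 * listening socket inside it.  Writes the socket path to 'out' and
 * returns the listening fd, or -1 on any failure (directory removed). */
int create_private_socket(const char *base, char *out, size_t outlen)
{
    char dir[PATH_MAX];
    struct sockaddr_un sa;
    int fd, n;

    n = snprintf(dir, sizeof dir, "%s/sock-XXXXXX", base);
    if (n < 0 || (size_t)n >= sizeof dir || mkdtemp(dir) == NULL)
        return -1;                       /* mkdtemp(): unpredictable name, mode 0700 */
    if (private_dir_ok(dir) != 0) {
        rmdir(dir);
        return -1;
    }
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    n = snprintf(sa.sun_path, sizeof sa.sun_path, "%s/agent.%ld", dir, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof sa.sun_path || path_is_absent(sa.sun_path) != 0) {
        rmdir(dir);
        return -1;
    }
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) {
        rmdir(dir);
        return -1;
    }
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 5) != 0) {
        close(fd);
        unlink(sa.sun_path);
        rmdir(dir);
        return -1;
    }
    snprintf(out, outlen, "%s", sa.sun_path);
    return fd;
}

/* Constructed scenario from the thread: a dangling symlink is planted
 * where a socket would be created.  Returns 1 if path_is_absent()
 * refuses the name, 0 if it would have been accepted, -1 on setup error. */
int planted_symlink_is_rejected(const char *base)
{
    char dir[PATH_MAX], lnk[PATH_MAX];
    int rejected;

    snprintf(dir, sizeof dir, "%s/plant-XXXXXX", base);
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(lnk, sizeof lnk, "%s/agent", dir);
    if (symlink("/etc/nologin", lnk) != 0) {   /* target is a string only */
        rmdir(dir);
        return -1;
    }
    rejected = (path_is_absent(lnk) != 0);
    unlink(lnk);
    rmdir(dir);
    return rejected;
}

int main(void)
{
    char path[sizeof(struct sockaddr_un)];
    int fd = create_private_socket("/tmp", path, sizeof path);
    if (fd < 0) {
        perror("create_private_socket");
        return 1;
    }
    printf("listening on %s\n", path);
    printf("planted symlink rejected: %d\n", planted_symlink_is_rejected("/tmp"));
    close(fd);
    unlink(path);
    *strrchr(path, '/') = '\0';              /* drop the socket name, remove the dir */
    rmdir(path);
    return 0;
}
```

The private directory does the real work: an attacker who cannot guess the name and cannot enter a 0700 directory has nowhere to plant a link, which covers root-owned and user-owned targets alike. The path_is_absent() check is defence in depth for the case where a caller is handed a fixed name anyway; note that a stat()-then-bind() sequence is still a small race on its own, which is why it is only used inside the freshly created directory.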
    
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:25 PDT