>>>>> On Thu, 30 Sep 1999, "JL" = Jeff Long wrote:

  JL> Seeing the race problems with the previous two patches I thought I
  JL> would take a shot at one. It changes the effective uid/gid to the
  JL> user logging in before doing the bind() (and then resets them after)
  JL> which seems to take care of the problem. [ ... ] The bind() will
  JL> fail if a symlink exists to a file that the user would normally not
  JL> be able to write to (such as /etc/nologin).

Surely this still isn't ideal, though? It now won't overwrite root-owned
files, so the security hazard isn't there, but anyone on the system can
still fool a user into overwriting one of his own files, which is not
great. Or have I missed something?

Cheers,
Chris.

-------------------------------------------------------------------
><> --- Hardware Compilation Group,
Oxford University Computing Laboratory,
Wolfson Building, Parks Road, Oxford, OX1 3QD, U.K.
tel: +44 (1865) (2)73865
e-mail: Chris.Keaneat_private
http://www.comlab.ox.ac.uk/oucl/users/chris.keane/