Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]

From: Casper Dik (casperat_private)
Date: Fri Oct 01 1999 - 12:33:02 PDT

Next message: Jay R. Ashworth: "WIn98 port security query"

Previous message: Scott Gifford: "Fix for ssh-1.2.27 symlink/bind problem"
Next in thread: Valdis.Kletnieksat_private: "Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

So, what about:

	char tmpl[] = "/tmp/dirXXXXXXX";
	char dir[sizeof(tmpl)];

	do {
	    strcpy(x, tmpl);
	    mktemp(x);
	} while (mkdir(x, 0700) != 0);

	bind(somesocket in dir x)
	rename(nameof socket, desired name of socket);

	rmdir(x);


Under proper uids; I think most UNIX domain sockets can stand renaming;
not sure if they all do.


Casper

Next message: Jay R. Ashworth: "WIn98 port security query"
Previous message: Scott Gifford: "Fix for ssh-1.2.27 symlink/bind problem"
Next in thread: Valdis.Kletnieksat_private: "Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:27 PDT