Re: Symlinks and Cryogenic Sleep

From: Casper Dik (casperat_private)
Date: Tue Jan 04 2000 - 12:40:55 PST

Next message: Sir Dystic: "Re: SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS"

Previous message: Metal Hurlant: "Re: Hotmail security hole - injecting JavaScript using <IMG"
Maybe in reply to: Olaf Kirch: "Symlinks and Cryogenic Sleep"
Next in thread: Antonomasia: "Re: Symlinks and Cryogenic Sleep"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>When
>>the application reaches the critical section of code between the
>>lstat and the open, you stop it by sending it a SIGSTOP. You record
>>the device and inode number of your /tmp file, remove it, and wait.

The ploy should fail right here: as far as I'm aware, this protection
only works on sticky directories.  In that case, it's not possible to
remove it.

>Maybe I'm just naive, but it's my understanding that you cannot send signals
>to a process you don't own unless you are root.


You can, but only from a terminal. (I.e., if you start su/passwd/rsh,
etc, you can ^Z them)

Casper

Next message: Sir Dystic: "Re: SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS"
Previous message: Metal Hurlant: "Re: Hotmail security hole - injecting JavaScript using <IMG"
Maybe in reply to: Olaf Kirch: "Symlinks and Cryogenic Sleep"
Next in thread: Antonomasia: "Re: Symlinks and Cryogenic Sleep"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:26:38 PDT