My post yesterday seems to have died during moderation. This happened
to my last 2 incidentally - both looked worthwhile to me.

Olaf Kirch:
> That's not true for setuid processes. You're allowed to signal a process
> if _either_ the effective or the real uid match. Try running passwd in
> one window, in another type killall -STOP passwd.

Exactly. I tested it on linux-2.0.26, linux-2.2.12 and openbsd-2.5.
No doubt Olaf selected SIGSTOP for his example because a handler
cannot be installed for it.

Casper mentions ^Z:
> You can, but only from a terminal. (I.e., if you start su/passwd/rsh,
> etc, you can ^Z them)

But doesn't ^Z do SIGTSTP instead of SIGSTOP? I have no Solaris boxes
here to test.

Goetz Babin-Ebell <babinebellat_private> posted some code with a number
of flaws. It can leak open files as well as be raced.

I have a Perl tool for scanning code for file races. It is based on a
description by Bishop & Dilger of an unpublished scanner they wrote.
http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/scanner-1.0b.tar.gz

My suggestion for upgrading Olaf's original code is to test the owner
and group as well as the device and inode in the lstat, fstat comparison.
Then an attacker can only switch a file for another of the same
owner:group.

--
##############################################################
# Antonomasia   antat_private                                #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
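The lstat/fstat comparison suggested above, extended to owner and group, as an added example that is not part of the original post and is not Olaf's or Goetz's code. Olaf's original code is not on this page, so the lstat-open-fstat shape is an assumption, and the names open_checked and same_file are hypothetical.

```c
/* Added example: lstat/open/fstat check that also compares owner and group. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 when both results describe the same object with the same owner and
 * group (device, inode, uid and gid all equal), else 0. */
int same_file(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino &&
           a->st_uid == b->st_uid && a->st_gid == b->st_gid;
}

/* Hypothetical helper: open path only if it is a regular file and the
 * object actually opened is the one lstat() saw. Returns an fd or -1. */
int open_checked(const char *path, int flags)
{
    struct stat before, after;
    int fd;

    if (lstat(path, &before) != 0 || !S_ISREG(before.st_mode))
        return -1;              /* missing, symlink, device, FIFO, ... */

    fd = open(path, flags);
    if (fd < 0)
        return -1;

    /* The path may have been switched between lstat() and open(). */
    if (fstat(fd, &after) != 0 || !same_file(&before, &after)) {
        close(fd);              /* every failure path releases the fd */
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fd = argc > 1 ? open_checked(argv[1], O_RDONLY) : -1;

    puts(fd >= 0 ? "opened" : "refused");
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```
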
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:27:07 PDT