Re: smbd remote file creation vulnerability

From: Pavol Luptak (wilderat_private)
Date: Tue Jun 26 2001 - 05:53:38 PDT

Previous message: Jarno Huuskonen: "Re: smbd remote file creation vulnerability"
In reply to: Jarno Huuskonen: "Re: smbd remote file creation vulnerability"
Next in thread: Simple Nomad: "Re: smbd remote file creation vulnerability"
Next in thread: Fatal Connect: "Re: smbd remote file creation vulnerability"
Reply: Simple Nomad: "Re: smbd remote file creation vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 26, 2001 at 09:53:29AM +0300, Jarno Huuskonen wrote:
> On Mon, Jun 25, Pavol Luptak wrote:
> > Linux kernels with openwall patch (with restricted links in /tmp) are
> > imunne to this type of attack (following symlinks does not work, link
> > owner does not match with file's owner).
> 
> The symlink restrictions work only in /tmp (mode 1777) directories, so
> making the symlink in your own homedir still works (should work).

Yes, the symlink does not have to be in /tmp, but you have to ensure
the path to your symlink in your own homedir is enough short to fill in
NetBIOS name (about 15 characters).
-- 
_______________________________________________________________________
[wilderat_private] [http://hq.alert.sk/~wilder] [talker: ttt.sk 5678]

application/pgp-signature attachment: stored

Next message: gollum: "Advisory"
Previous message: Jarno Huuskonen: "Re: smbd remote file creation vulnerability"
In reply to: Jarno Huuskonen: "Re: smbd remote file creation vulnerability"
Next in thread: Simple Nomad: "Re: smbd remote file creation vulnerability"
Next in thread: Fatal Connect: "Re: smbd remote file creation vulnerability"
Reply: Simple Nomad: "Re: smbd remote file creation vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 26 2001 - 13:28:29 PDT