Hi, I found this, small bug, you might like it :) tested on a slackware linux. /* ------------------------------------------------------- Title: Silly hardlink vulnerability in 'script' command Software Author: yet unknown Bug found by: Marco van Berkum (m.v.berkumat_private) Date: 12-12-2001 Priority: low ------------------------------------------------------- Script command -------------- The script command which is part of the util-linux package contains a silly hardlink vulnerability which could overwrite any file on the harddisk. Script is a tool to save terminal sessions for later reference. By default script creates a file called typescript for its log. The problem ----------- Very simple, script (when executed as root) overwrites hardlinks that could be set by any user to any file on the harddisk. For instance, a malicious user can place a hardlink 'typescript' to /etc/passwd (or any other file) in his home directory. If the root user would execute script in that directory it would cause script to overwrite that file. Script does check for symlinks and asks if the symlink should be overwritten, it lacks checking hardlinks. Priority -------- Low, its not likely that root users execute script in a user's home directory. They could though, its a minor problem that must be fixed for that reason. Author ------ Still looking for the correct person */ just my 2 cents, Marco van Berkum -- GCC dpu s:--- a- C+++ US++++ P++ L+++ E---- W N o-- K w--- O- M-- V-- PS+++ PE-- Y+ PGP--- t--- 5 X R* tv++ b+++ DI-- D---- G++ e- h+ r y* +---------------------+------------------+-------------------+ | Marco van Berkum | MB17300-RIPE | Security Engineer | | http://ws.obit.nl | "Chernobyl used | Network Admin | | m.v.berkumat_private | Windows" | UNIX | +---------------------+------------------+-------------------+
This archive was generated by hypermail 2b30 : Wed Dec 12 2001 - 22:36:00 PST