Re: Silly 'script' hardlink bug

From: Michael Shigorin (mikeat_private)
Date: Wed Dec 12 2001 - 22:58:46 PST

Next message: Support Info: "Security Update [CSSA-2001-042.0] Linux - Remote vulnerability in OpenSSH"

Previous message: Matthew Lane: "Webseal 3.8"
In reply to: Marco van Berkum: "Silly 'script' hardlink bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 13, 2001 at 12:02:36AM +0100, Marco van Berkum wrote:
> the harddisk. For instance, a malicious user can place
> a hardlink 'typescript' to /etc/passwd (or any other file)
> in his home directory. If the root user would execute
...and no sane system will get /etc and /home on the same
partition.  Still, it's beloved `mitigating factor', not a
solution.  Just my 2 copecks.

-- 
 ---- WBR, Michael Shigorin <mikeat_private>
  ------ http://visa.chem.univ.kiev.ua/~mike/

application/pgp-keys attachment: PGP Key 0xB60C9B72.

application/pgp-signature attachment: stored

Next message: Support Info: "Security Update [CSSA-2001-042.0] Linux - Remote vulnerability in OpenSSH"
Previous message: Matthew Lane: "Webseal 3.8"
In reply to: Marco van Berkum: "Silly 'script' hardlink bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Dec 13 2001 - 10:43:57 PST