Re: RAZOR advisory: Linux util-linux chfn local root vulnerability

From: Andreas Beck (becka@uni-duesseldorf.de)
Date: Wed Jul 31 2002 - 00:11:20 PDT


    Andrew Pimlott <andrewat_private> wrote:
    > > > If he is smart, he will check whether the file is open (eg with fuser)
    > > Not really. The file does not have to be open to be present in the system.
    > > It is perfectly possible to leave a dangling root-owned file several
    > > times, 
    > Correct, but: the admin should still verify that it is not open
    > before deleting it (in his cron job).  
    
    As long as there is no atomic "check-if-file-is-open-and-if-not-delete-it"
    this just makes exploitation harder by introducing another race condition.
    
    
    CU, Andy
    
    -- 
    = Andreas Beck                    |  Email :  <beckaat_private>             =
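
The race described in the reply above, as an added Python illustration that is not part of the original message. The "is it open?" check is a stand-in for fuser that only inspects this process's own descriptors, and the `race_window` hook is a hypothetical device that plays the part of another process acting between the check and the delete.

```python
import os
import tempfile

# Directory listing this process's open descriptors (Linux /proc, else /dev/fd).
FD_DIR = "/proc/self/fd" if os.path.isdir("/proc/self/fd") else "/dev/fd"

def is_open_in_this_process(path):
    """Stand-in for fuser: True if one of our own descriptors refers to path."""
    target = os.stat(path)
    for name in os.listdir(FD_DIR):
        try:
            st = os.stat(os.path.join(FD_DIR, name))
        except OSError:
            continue  # e.g. the descriptor used for the listing itself
        if (st.st_dev, st.st_ino) == (target.st_dev, target.st_ino):
            return True
    return False

def check_then_delete(path, race_window=None):
    """Cleanup logic from the thread: delete only if the check says 'not open'."""
    if is_open_in_this_process(path):
        return "skipped"
    # Check and delete are two separate steps, so anything can happen here.
    if race_window is not None:
        race_window()
    os.unlink(path)
    return "deleted"

def demo():
    """Show that the file gets deleted although it is open at delete time."""
    fd, path = tempfile.mkstemp(prefix="constructed-stale-")  # constructed sample
    os.write(fd, b"x")
    os.close(fd)
    held = []

    def opener():
        # Runs after the check has already answered "not open".
        held.append(os.open(path, os.O_RDONLY))

    verdict = check_then_delete(path, race_window=opener)
    name_exists = os.path.exists(path)
    data = os.read(held[0], 1)  # the descriptor taken in the window still works
    os.close(held[0])
    return verdict, name_exists, data

if __name__ == "__main__":
    print(demo())
```

The check passes, the file is opened in the gap, and the delete still goes ahead, so the check made the outcome depend on timing without guaranteeing anything.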
    


