On Wed, 2004-10-27 at 17:04 -0400, Valdis.Kletnieks@private wrote:
> On Wed, 27 Oct 2004 16:37:40 EDT, Colin Walters said:
>
> > > Not "any uid 0 process" - "any process able to change
> > > ownerships/permissions/contexts" :) Also, the threat model isn't
> > > "uid 0 subverts the control", it's "Joe User tricks a uid 0 process
> > > into running a /tmp-race exploit"...
> >
> > With SELinux the domain would also need privileges to read temporary
> > files created by the attacker.
>
> No - that's a different attack than I'm worried about. I'm looking at
> the case of being redirected to stomp on my *own* files that I have the
> privs to. You run gcc, gcc creates a tempfile in /tmp, that accidentally
> follows a symlink, and your ~/.foo file gets clobbered (yes, they fixed *that*
> bug in gcc a while ago).

Who created the symlink in this attack?
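
The tempfile clobbering described in the quoted text, as an added example that is not part of the original thread or of gcc's code: a predictable-name open() that follows a pre-existing symlink, beside the hardened open() that refuses it. The function names and the file names dot-foo and cc-tmp.i are hypothetical, and the scenario is constructed inside a private mkdtemp() directory.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* "Before": no O_EXCL, so open() follows a symlink already sitting at the
 * predictable name and truncates the file it points to. */
static int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, including a
 * symlink, already exists at the name; O_NOFOLLOW is kept as a second guard. */
static int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: a 9-byte "victim" file and a symlink to it at the
 * tempfile name. Returns the victim's size after the open attempt, or -1 on
 * setup failure; *open_errno receives the errno of the open (0 on success). */
long victim_size_after_open(int use_safe, int *open_errno) {
    char dir[] = "/tmp/symrace-demo-XXXXXX";
    char victim[128], tmp[128];
    struct stat st;
    long size = -1;
    *open_errno = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/dot-foo", dir);
    snprintf(tmp, sizeof tmp, "%s/cc-tmp.i", dir);
    int vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd >= 0 && write(vfd, "precious\n", 9) == 9 && close(vfd) == 0
        && symlink(victim, tmp) == 0) {
        int fd = use_safe ? open_tmp_safe(tmp) : open_tmp_unsafe(tmp);
        *open_errno = fd < 0 ? errno : 0;
        if (fd >= 0) close(fd);
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    unlink(tmp); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    int e1, e2;
    long a = victim_size_after_open(0, &e1), b = victim_size_after_open(1, &e2);
    printf("unsafe open: victim is %ld bytes (errno %d)\n", a, e1);
    printf("safe open:   victim is %ld bytes (errno %d)\n", b, e2);
    return 0;
}
```

mkstemp() applies the same O_CREAT|O_EXCL creation and also picks an unpredictable name.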