On Wed, 27 Oct 2004 17:13:53 EDT, Colin Walters said:

> > No - that's a different attack than I'm worried about. I'm looking at
> > the case of being redirected to stomp on my *own* files that I have the
> > privs to. You run gcc, gcc creates a tempfile in /tmp, that accidentally
> > follows a symlink, and your ~/.foo file gets clobbered (yes, they fixed *that*
> > bug in gcc a while ago).
>
> Who created the symlink in this attack?

The attacker (usually running as 'generic user') creates a symlink and waits for it to be followed by the victim.

http://search.cert.org/query.html?rq=0&col=incnotes&col=secimp&col=techtips&col=vulnotes&qt=+symlink&charset=iso-8859-1 pulls up some 21 examples.
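
The clobbering described in the message above, next to the open flags that prevent it, as an added example that is not part of the original message. The scratch directory (standing in for /tmp), the file names and the `run_scenario` helper are constructed for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: follows a pre-existing symlink and truncates its target. */
static int open_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, including a
 * symlink, already exists at the path, so the link is never followed. */
static int open_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch directory.
 * which=0 uses the naive open, which=1 the hardened one.
 * Returns the victim file's size afterwards: 5 = intact, 0 = clobbered. */
long run_scenario(int which) {
    char dir[] = "/tmp/symdemoXXXXXX", victim[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -2;
    snprintf(victim, sizeof victim, "%s/dotfoo", dir);  /* plays the role of ~/.foo */
    snprintf(tmp, sizeof tmp, "%s/cc1234.tmp", dir);    /* predictable temp name */
    FILE *f = fopen(victim, "w");
    if (!f) return -2;
    fputs("hello", f); fclose(f);
    if (symlink(victim, tmp) != 0) return -2;           /* link already in place */
    int fd = which ? open_safe(tmp) : open_naive(tmp);
    if (fd >= 0) close(fd);
    else if (errno != EEXIST) return -3;                /* only EEXIST is expected */
    long sz = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmp); unlink(victim); rmdir(dir);
    return sz;
}

int main(void) {
    printf("naive open: victim size is now %ld\n", run_scenario(0));
    printf("safe open:  victim size is now %ld\n", run_scenario(1));
    return 0;
}
```

`mkstemp()` performs the same exclusive create while also choosing an unpredictable name, which is the usual choice for real temp files.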
This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 14:26:43 PDT