Re: [PATCH] BSD Secure Levels: claim block dev in file struct rather than inode struct, 2.6.11-rc2-mm1 (3/8)

From: David Wagner
Date: Tue Feb 08 2005 - 09:38:34 EST

Next message: Lorenzo Hernández García-Hierro: "Re: [PATCH] sys_chroot() hook for additional chroot() jailsenforcing"
Previous message: David Howells: "[PATCH] NOMMU: Documentation of no-MMU mmap"
Next in thread: Michael Halcrow: "Re: [PATCH] BSD Secure Levels: claim block dev in file struct rather than inode struct, 2.6.11-rc2-mm1 (3/8)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>The attack is to hardlink some tempfile name to some file you want
>over-written. This usually involves just a little bit of work, such as
>recognizing that a given root cronjob uses an unsafe predictable filename
>in /tmp (look at the Bugtraq or Full-Disclosure archives, there's plenty).
>Then you set a little program that sleep()s till a few seconds before
>the cronjob runs, does a getpid(), and then sprays hardlinks into the
>next 15 or 20 things that mktemp() will generate...

Got it. Very good -- now I see. Thanks for the explanation.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Lorenzo Hernández García-Hierro: "Re: [PATCH] sys_chroot() hook for additional chroot() jailsenforcing"
Previous message: David Howells: "[PATCH] NOMMU: Documentation of no-MMU mmap"
Next in thread: Michael Halcrow: "Re: [PATCH] BSD Secure Levels: claim block dev in file struct rather than inode struct, 2.6.11-rc2-mm1 (3/8)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]