mailing list archives
Re: Tempfile vulnerabilities
From: antirez () INVECE ORG (antirez)
Date: Sat, 5 Feb 2000 12:16:09 +0100
On Wed, Feb 02, 2000 at 02:36:20PM -0700, Theo de Raadt wrote:
The terrible /tmp race handling aside...
I suppose then that anyone who attacks a machine which relies on
/dev/random -- a world readable device -- should do the following:
cat /dev/random > /dev/null &
Crypto software which uses those devices should be doing some kind of
checking to make sure that they are getting at least good entropy. I
Sure but there is another problem, while evil user exec 'cat /dev/random >
/dev/null &' maybe that the following results in an infinite loop:
while(there_are_enougt_entropy() == 0)
/* race -- what if the evil user starts to deplate the entropy pool here? */
Can be so easy to DoS cryptographic software?
Of course all insecure cgi scripts or daemons may be used to pool from
/dev/random remotely. An example? the old TERM="../../../bla" problem.
Re: Tempfile vulnerabilities Neil Blakey-Milner (Feb 02)
Re: Tempfile vulnerabilities Niall R. Murphy (Feb 01)