|
Bugtraq
mailing list archives
Re: Symlinks and Cryogenic Sleep
From: ant () NOTATLA DEMON CO UK (Antonomasia)
Date: Wed, 5 Jan 2000 18:52:49 GMT
My post yesterday seems to have died during moderation.
This happened to my last 2 incidentally - both looked worthwhile to me.
Olaf Kirch:
That's not true for setuid processes. You're allowed to signal a process
if _either_ the effective or the real uid match. Try running passwd in
one window, in another type killall -STOP passwd.
Exactly. I tested it on linux-2.0.26, linux-2.2.12 and openbsd-2.5.
No doubt Olaf selected SIGSTOP for his example because a handler cannot
be installed for it.
Casper mentions ^Z:
You can, but only from a terminal. (I.e., if you start su/passwd/rsh,
etc, you can ^Z them)
But doesn't ^Z do SIGTSTP instead of SIGSTOP ?
I have no Solaris boxes here to test.
Goetz Babin-Ebell <babinebell () TRUSTCENTER DE> posted some code with
a number of flaws. It can leak open files as well as be raced.
I have a perl tool for scanning code for file races. It is based on
a description by Bishop & Dilger of an unpublished scanner they wrote.
http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/scanner-1.0b.tar.gz
My suggestion for upgrading Olaf's original code is to test the owner and
group as well as the device and inode in the lstat,fstat comparison. Then
an attacker can only switch a file for another of the same owner:group.
--
##############################################################
# Antonomasia ant () notatla demon co uk #
# See http://www.notatla.demon.co.uk/ #
##############################################################
 By Date 
By Thread
Current thread:
- [RHSA-2000:002] New lpr packages available, (continued)
| 
Intro
