Home page logo

bugtraq logo Bugtraq mailing list archives

Re: major security bug in reiserfs (may affect SuSE Linux)
From: Christian Zuckschwerdt <Christian.Zuckschwerdt () TRIQ NET>
Date: Thu, 11 Jan 2001 00:19:02 +0100

Some more playing around showed that the 'hidding' depends on the actual
filename. Lots of x in my 1st example did the magic other chars won't.
I'd guess its depended on the sequence in the dir(-listing). Similar to
the observations of Andreas Ferber.

People with insight on the actual btree should have some clues.

The scary thing is that people can screw up systems just by
writing to {/var,}/tmp/<log random name>
One won't recover that diskspace.

On Wed, 10 Jan 2001, Ryan Russell wrote:

On Wed, 10 Jan 2001, Christian Zuckschwerdt wrote:

I've read the directory with a bunch of other tools (perl, find) and
that makes me believe it's not and ls bug.

What do echo * and strings . produce?

Bash won't interpolate the asterisk. That way echo * prints *.
Csh prints echo: No match.
I had no success using strings on the directory itself.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]