Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: smbd remote file creation vulnerability
From: Phil Stracchino <alaric () babcom com>
Date: Wed, 27 Jun 2001 16:35:09 -0700

On Wed, Jun 27, 2001 at 12:42:52AM +0200, Wichert Akkerman wrote:
Previously Pavol Luptak wrote:
Linux kernels with openwall patch (with restricted links in /tmp) are
imunne to this type of attack (following symlinks does not work, link
owner does not match with file's owner).

If symlink don't work you can still use a hardlink though.

Which is yet another reason for making /tmp a separate filesystem.


-- 
 Linux Now!   ..........Because friends don't let friends use Microsoft.
 phil stracchino   --   the renaissance man   --   mystic zen biker geek
        alaric () babcom com                halmayne () sourceforge net
   2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault