Bugtraq: Re: RAZOR advisory: Linux util-linux chfn local root vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: RAZOR advisory: Linux util-linux chfn local root vulnerability

From: Andreas Beck <becka () uni-duesseldorf de>
Date: Wed, 31 Jul 2002 09:11:20 +0200

Andrew Pimlott <andrew () pimlott net> wrote:

If he is smart, he will check whether the file is open (eg with fuser)

Not really. The file does not have to be open to be present in the system.
It is prefectly possible to leave a dangling root-owned file several
times,

Correct, but: the admin should still verify that it is not open
before deleting it (in his cron job).


As long as there is no atomic "check-if-file-is-open-and-if-not-delete-it"
this just makes exploitation harder by introducing another race condition.


CU, Andy

-- 
= Andreas Beck                    |  Email :  <becka () bedatec de>             =

By Date By Thread

Current thread:

RAZOR advisory: Linux util-linux chfn local root vulnerability Michal Zalewski (Jul 29)
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Andrew Pimlott (Jul 30)
  - Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Michal Zalewski (Jul 30)
    - Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Andrew Pimlott (Jul 30)
    - Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Andreas Beck (Jul 31)
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Szemkel (Jul 30)