Home page logo
  • Nmap Security Scanner
  • Security Lists
  • Security Tools
  • Site News
  • Advertising
  • About/Contact
  • Sponsors:



/

fulldisclosure logo Full Disclosure mailing list archives

Re: Symlink vulnerabilities
From: bugs () fbi dhs org
Date: Mon, 24 Oct 2011 14:44:42 -0400 (EDT)

I think it was grep -H '\$\$'



May I ask what the grep(1) pattern was?
--
========================================================
Leon Kaiser      - Head of GNAA Public Relations -
        literalka () gnaa eu || literalka () goatse fr
       http://gnaa.eu || http://security.goatse.fr
      7BEECD8D FCBED526 F7960173 459111CE F01F9923
"The mask of anonymity is not intensely constructive."
       -- Andrew "weev" Auernheimer
========================================================

On Sat, 2011-10-22 at 07:54 -0400, bugs () fbi dhs org wrote:


I apologize as my search wasn't a complex method, just a quick grep for
signs of /tmp misuse. Indeed creating a directory under /tmp is a
safeway
to handle tmp files.


bugs () fbi dhs org wrote:


bashbug:

/usr/bin/bashbug:TEMPDIR=$TMPDIR/bbug.$$

Maybe I should use bashbug to report a bug in bashbug?



I took a quick look, it's actually using mkdir to create a temporary
directory in /tmp, which it uses for collecting support files.

This is actually a safe way to use /tmp, assuming you check the return
code
of mkdir (which it does). The mkdir() system call behaves very

differently

to open(), and is not vulnerable to these attacks.

Tavis.

--
-------------------------------------
taviso () cmpxchg8b com | pgp encrypted mail preferred
-------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]