<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: Re: BSD chfn bug

Re: BSD chfn bug

From: Warner Losh <imp_at_VILLAGE.ORG>
Date: Tue, 28 Dec 1999 10:05:40 -0700

In message <19991228165015.94446.qmail_at_hotmail.com> "FARAZ JAMSHED" writes:
: >>In message <Pine.LNX.4.20.9912251656310.23074->>100000_at_pet.notbsd.org>
: >>"Stanislav N. Vardomskiy" writes:
: >>: This just *might* be a problem.
: >
: >Not the way you think. You have no control over the name of the file
: >created.
: >
: >Warner
:
: yes we could have control by setting the right UMASK settings...

How? It creates the file in /etc. You must have write permissions to
the directory in order to rename files, which you won't have unless
you are already root. Setting the permissions on the *file* won't
change this at all. You still can't rename it (and I did try just
now). And since chfn, et al use mkstemp, you can't race it either.

Warner
Received on Dec 28 1999

This message: [ Message body ]
Next message: Viktorie Navratilova: "Re: ssh quirks..."
Previous message: FARAZ JAMSHED: "Re: BSD chfn bug"
In reply to: FARAZ JAMSHED: "Re: BSD chfn bug"
Next in thread: Blue Boar: "Re: BSD chfn bug (aka ssh quirks/killing thread)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos