Bugtraq mailing list archives
Re: /etc/utmp
From: ole!rwing!pat () nwnexus wa com (Pat Myrto)
Date: Tue, 29 Mar 94 9:22:52 PST
"In the previous message, Jeff Allen said..."
Pat Myrto wrote:
Seems anything creating a file while running with root privs is full of gotchas, especially with symlinks around. There is supposed to be a 'safefile' function in the mail command that if used properly makes sure the file isn't a symlink or being switched under it, I would like to see an example of how that is done and not being subject to race conditions.

There is some code in taintperl to make sure that a symlink swap hasn't taken place beneath the SUID script in question. Grep the perl sources for "Mail". Larry has left a little surprise for would-be hackers. :)
Thanks for pointing that out - I will check that out. Sounds like an idea I can unashamedly borrow... :-)
You may be able to work with it and get the kind of routine you are talking about.
Great!!
--
pat@rwing [If all fails, try: rwing!pat () ole cdac com]
Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding empirical evidence." -- Ann Landers, nationally syndicated advice columnist and Director at Handgun Control Inc.
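An added example, not part of the original message and not the code from mail or the perl sources it mentions: one common way for a privileged program to refuse symlinks and detect a file being switched between the check and the open. The function names `safe_open_existing`, `safe_create_new` and `demo` are hypothetical, and the temporary paths are constructed for the self-check.

```c
#define _POSIX_C_SOURCE 200809L /* O_NOFOLLOW, lstat, mkdtemp */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open an existing regular file for appending.
 * Returns an fd, or -1 if the path is a symlink or was swapped. */
int safe_open_existing(const char *path)
{
    struct stat before, after;
    /* lstat() describes the link itself, so a symlink is visible here. */
    if (lstat(path, &before) != 0 || !S_ISREG(before.st_mode))
        return -1;
    /* O_NOFOLLOW: open() fails if the last component is now a symlink. */
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* fstat() describes the object actually opened. It must be the same
     * device and inode lstat() saw, or the path changed in between. */
    if (fstat(fd, &after) != 0 || !S_ISREG(after.st_mode) ||
        after.st_dev != before.st_dev || after.st_ino != before.st_ino) {
        close(fd);
        return -1;
    }
    return fd;
}

/* New files: O_EXCL fails if anything, even a symlink, already exists. */
int safe_create_new(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed self-check in a private temp directory: returns 1 when a
 * regular file is accepted and a symlink to it is refused both ways. */
int demo(void)
{
    char dir[] = "/tmp/safeopenXXXXXX", f[64], l[64];
    if (!mkdtemp(dir)) return 0;
    snprintf(f, sizeof f, "%s/target", dir);
    snprintf(l, sizeof l, "%s/link", dir);
    int fd = safe_create_new(f);
    int ok = fd >= 0 && symlink(f, l) == 0;
    if (fd >= 0) close(fd);
    int good = safe_open_existing(f);
    ok = ok && good >= 0 && safe_open_existing(l) < 0 && safe_create_new(l) < 0;
    if (good >= 0) close(good);
    unlink(l); unlink(f); rmdir(dir);
    return ok;
}
```

`O_NOFOLLOW` was standardized later, in POSIX.1-2008, and protects only the final path component; the `lstat()`/`fstat()` device and inode comparison is the portable part, and parent directories writable by other users still need separate handling.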