Bugtraq mailing list archives

Re: Exploit for Linux wu.ftpd hole

From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Sun, 9 Jul 1995 06:31:39 -0400

When you move something on top of messages, messages is unlinked.
The file is still open, but no longer accessible through the
directory structure.

Can this not be detected?


Yes (an fstat() will show st_nlink==0, I think).  First question,
though, is "does it need to be?".  One could argue syslogd should be
checking for this condition, but it's not entirely clear to me why.
It's syslogd's job to log things, not to try to detect and recover from
pilot error.  I'm also not prepared to dogmatically state that this
condition is always pilot error; I've been surprised too often by
someone (often myself) finding a good use for something that initially
looked like an administrator blundering.

Obviously the write will fail, when this occurs


No, it won't - at least it sure better not.  An open file with no
filesystem links is perfectly legal and useful, and always has been;
there is no excuse at all for that alone to cause writes to fail.

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu

Current thread:

Re: Exploit for Linux wu.ftpd hole, (continued)
- Re: Exploit for Linux wu.ftpd hole Stan Barber (Jul 05)
- Re: Exploit for Linux wu.ftpd hole John Adams (Jul 05)
  - Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
    - Re: Exploit for Linux wu.ftpd hole Marek Michalkiewicz (Jul 06)
  - Re: Exploit for Linux wu.ftpd hole Pete Shipley (Jul 05)
  - Yggdrasil Linux (mis)configuration problem Paul Tony Watson (Jul 06)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 06)
- Re: Exploit for Linux wu.ftpd hole William McVey - wam (Jul 07)
  - Re: Exploit for Linux wu.ftpd hole Simon Burr (Jul 09)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 08)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 09)