Bugtraq mailing list archives
Re: Exploit for Linux wu.ftpd hole
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Sun, 9 Jul 1995 06:31:39 -0400
When you move something on top of messages, messages is unlinked. The file is still open, but no longer accessible through the directory structure.Can this not be detected?
Yes (an fstat() will show st_nlink==0, I think). First question, though, is "does it need to be?". One could argue syslogd should be checking for this condition, but it's not entirely clear to me why. It's syslogd's job to log things, not to try to detect and recover from pilot error. I'm also not prepared to dogmatically state that this condition is always pilot error; I've been surprised too often by someone (often myself) finding a good use for something that initially looked like an administrator blundering.
Obviously the write will fail, when this occurs
No, it won't - at least it sure better not. An open file with no filesystem links is perfectly legal and useful, and always has been; there is no excuse at all for that alone to cause writes to fail. der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- Re: Exploit for Linux wu.ftpd hole, (continued)
- Re: Exploit for Linux wu.ftpd hole Stan Barber (Jul 05)
- Re: Exploit for Linux wu.ftpd hole John Adams (Jul 05)
- Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Marek Michalkiewicz (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Pete Shipley (Jul 05)
- Yggdrasil Linux (mis)configuration problem Paul Tony Watson (Jul 06)
- Re: Exploit for Linux wu.ftpd hole bt (Jul 05)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 06)
- Re: Exploit for Linux wu.ftpd hole William McVey - wam (Jul 07)
- Re: Exploit for Linux wu.ftpd hole Simon Burr (Jul 09)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 08)
- Re: Exploit for Linux wu.ftpd hole der Mouse (Jul 09)