Bugtraq mailing list archives

Re: Announcement: Phrack 52

From: okir () CALDERA DE (Olaf Kirch)
Date: Wed, 28 Jan 1998 11:00:22 +0100


Hi,

There's a Linux kernel patch floating on the net, and now has been
published in Phrack, that is supposed to make /tmp directories more
secure. In particular, it claims to keep users from creating hard
links in +t directories.

However the patch does not protect the rename call, so the following
should give you a hardlink to passwd in /tmp:

        mkdir /tmp/foo          (no sticky bit on foo)
        ln /etc/passwd /tmp/foo
        mv /tmp/{foo/,}passwd

Cheers
Olaf

Current thread:

Re: pnserver exploit.., (continued)
- - - Re: pnserver exploit.. Donald van de Weyer (Jan 21)
    - (AUSCERT ESB-98.009) CERT Advisory CA-98.02 - Vulnerabilities in Grant Beattie (Jan 21)
    - Q179148: Settings May Not Be Applied with URL with Short Filename Aleph One (Jan 23)
    - CDE: dtappgather on AIX Marcin Cieslak (Jan 25)
    - Simple OpenBSD crash script Jason Downs (Jan 25)
    - Re: Simple OpenBSD crash script GvS One (Jan 28)
    - Quake 2 Linux kevingeo () CRUZIO COM (Jan 25)
    - Re: Quake 2 Linux Greg Alexander (Jan 27)
    - Announcement: Phrack 52 route () RESENTMENT INFONEXUS COM (Jan 26)
    - Microsoft responds to bug in Exchange Server Tony Hagale (Jan 27)
    - Re: Announcement: Phrack 52 Olaf Kirch (Jan 28)
    - KSR[T] Advisory #7: filter KSR[T] (Jan 29)
    - Bug in IMail's pop3d32.exe RHS Linux User (Jan 29)
    - Secure Linux patch Solar Designer (Jan 29)
    - Gaining Domain Admins access on LAN (fwd) Weld Pond (Jan 28)
    - GZEXE - the big problem Micha? Zalewski (Jan 28)
  - Re: Xserver stack smashed Rahul Sahadevan (Jan 26)
  - Vulnerability in htmlscript Dennis Moore (Jan 26)
  - ANNOUNCE: Secure Syslog Lucio Torre (Jan 26)
  - Security flaw in htmlscript Joseph Jay Austin (Jan 27)
- Re: Correction: CPSN 9:971208: Solaris /var Permission Problems Randy Mikesell (Jan 13)

(Thread continues...)