Bugtraq mailing list archives
Re: Xinetd /tmp race?
From: jcea () ARGO ES (Jesús Cea Avión)
Date: Thu, 12 Nov 1998 11:09:07 -0100
BTW here's the patch:
[...]
+ if (!(stat(dump_file,
[...]
dump_fd = open( dump_file, O_WRONLY + O_CREAT + O_APPEND,
Your patch is vulnerable to race attack. A script issuing "kill -HUP" and creating links in "/tmp" will succeed in the long run. Try open with O_CREAT|O_EXCL or lstat+open+fstat. -- Jesus Cea Avion _/_/ _/_/_/ _/_/_/ jcea () argo es http://www.argo.es/~jcea/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/_/_/_/ PGP Key Available at KeyServ _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibnitz
Current thread:
- Xinetd /tmp race? Balazs Nagy (Nov 10)
- SCO World Script Vulnerabilities Ben Laurie (Nov 11)
- Re: SCO World Script Vulnerabilities Joe (Nov 12)
- WARNING: Another ICQ IP address vulnerability Mnemonix (Nov 11)
- Citadel security exploits? Stout, Bill (Nov 11)
- Re: Xinetd /tmp race? Wayne Schroeder (Nov 11)
- Re: Xinetd /tmp race? Glynn Clements (Nov 11)
- <Possible follow-ups>
- Re: Xinetd /tmp race? Jesús Cea Avión (Nov 12)
- Re: Xinetd /tmp race? Glynn Clements (Nov 12)
- Re: Xinetd /tmp race? Casper Dik (Nov 14)
- Re: Xinetd /tmp race? Marc Heuse (Nov 13)
- Re: Xinetd /tmp race? Pavel Kankovsky (Nov 13)
- Re: Xinetd /tmp race? stanislav shalunov (Nov 13)
- Re: Xinetd /tmp race? Kevin Vajk (Nov 14)
- SCO World Script Vulnerabilities Ben Laurie (Nov 11)