Bugtraq mailing list archives

Re: Little exploit for startup scripts (SCO 5.0.4p).

From: rosmo () sektori com (Taneli Leppä)
Date: Mon, 8 Mar 1999 18:37:45 +0200


On Mon, 8 Mar 1999 08:43:15 +0100, Peter van Dijk wrote:

No. rm -f removes just the symlink, not the target file.


Actually the script won't delete any script, instead
it will overwrite any file:

# S84rpcinit:
# ...
#       /bin/su root -c "/bin/ps -ef" > /tmp/rpc$$ 2>/tmp/rpc.err$$
#       /bin/rm -f /tmp/rpc.err$$

Now if /tmp/rpc$$ was symlinked to another file, it would
be overwritten with output from /bin/ps... right? :-)

Regards,
Taneli
--
| Taneli Leppä <rosmo () sektori com>, <http://www.rosmo.sektori.com>
| GSM: +358505485242 - Tärkeimmät uutiset: http://uutiset.icon.fi

Current thread:

Re: Linux /usr/bin/gnuplot overflow -- SuSE hasnt fixed lsof, (continued)
- - - Re: Linux /usr/bin/gnuplot overflow -- SuSE hasnt fixed lsof Mario Lorenz (Mar 05)
    - Update to Microsoft Security Bulletin (MS99-006) aleph1 () UNDERGROUND ORG (Mar 05)
    - More Internet Explorer zone confusion Jim Paris (Mar 05)
    - Re: More Internet Explorer zone confusion Walt Armour (Mar 08)
    - Re: More Internet Explorer zone confusion Jeremy Nimmer (Mar 08)
    - Re: More Internet Explorer zone confusion Jim Paris (Mar 08)
    - ISAPI Extension vulnerability allows to execute code as SYSTEM Aleph One (Mar 08)
    - Re: More Internet Explorer zone confusion David E. Smith (Mar 08)
    - Little exploit for startup scripts (SCO 5.0.4p). leshka (Mar 07)
    - Re: Little exploit for startup scripts (SCO 5.0.4p). Peter van Dijk (Mar 07)
    - Re: Little exploit for startup scripts (SCO 5.0.4p). Taneli Leppä (Mar 08)
    - Call for Papers: CQRE Detlef Hühnlein (Mar 08)
    - Re: Little exploit for startup scripts (SCO 5.0.4p). Jon Coyle (Mar 08)