Bugtraq mailing list archives
Re: Tempfile vulnerabilities
From: antirez () INVECE ORG (antirez)
Date: Sat, 5 Feb 2000 12:16:09 +0100
On Wed, Feb 02, 2000 at 02:36:20PM -0700, Theo de Raadt wrote:
The terrible /tmp race handling aside... I suppose then that anyone who attacks a machine which relies on /dev/random -- a world readable device -- should do the following: cat /dev/random > /dev/null & Crypto software which uses those devices should be doing some kind of checking to make sure that they are getting at least good entropy. I
[snip] Sure but there is another problem, while evil user exec 'cat /dev/random > /dev/null &' maybe that the following results in an infinite loop: while(there_are_enougt_entropy() == 0) sleep(1); /* race -- what if the evil user starts to deplate the entropy pool here? */ get_entropy_from_randomdev(); Can be so easy to DoS cryptographic software? Of course all insecure cgi scripts or daemons may be used to pool from /dev/random remotely. An example? the old TERM="../../../bla" problem. antirez
Current thread:
- Re: Statistical Attack Against Virtual Banks, (continued)
- Re: Statistical Attack Against Virtual Banks HC Security (Feb 08)
- Re: Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
- Re: Statistical Attack Against Virtual Banks HC Security (Feb 09)
- Re: Statistical Attack Against Virtual Banks Swift Griggs (Feb 09)
- Re: Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
- SCO OpenServer SNMPD vulnerability NAI Labs (Feb 07)
- Re: Tempfile vulnerabilities Werner Koch (Feb 02)
- Re: Tempfile vulnerabilities Chris Cappuccio (Feb 03)
- Cross Site Scripting security issue Robert Zilbauer (Feb 02)
- Re: Tempfile vulnerabilities Len Budney (Feb 03)
- Re: Tempfile vulnerabilities antirez (Feb 05)
- Re: Tempfile vulnerabilities Ian Turner (Feb 07)
- Re: Tempfile vulnerabilities Seth David Schoen (Feb 07)
- Remote access vulnerability in all MySQL server versions Robert van der Meulen (Feb 08)
- don't run random "exploit" code Marc Slemko (Feb 08)
- cookies - nothing new Steven Champeon (Feb 07)
- Re: cookies - nothing new MJE (Feb 08)
- Re: Tempfile vulnerabilities Peter Berendi (Feb 08)
- Re: Tempfile vulnerabilities Marc Lehmann (Feb 08)