Bugtraq mailing list archives
Re: RAZOR advisory: Linux util-linux chfn local root vulnerability
From: Andreas Beck <becka () uni-duesseldorf de>
Date: Wed, 31 Jul 2002 09:11:20 +0200
Andrew Pimlott <andrew () pimlott net> wrote:
If he is smart, he will check whether the file is open (eg with fuser)Not really. The file does not have to be open to be present in the system. It is prefectly possible to leave a dangling root-owned file several times,Correct, but: the admin should still verify that it is not open before deleting it (in his cron job).
As long as there is no atomic "check-if-file-is-open-and-if-not-delete-it" this just makes exploitation harder by introducing another race condition. CU, Andy -- = Andreas Beck | Email : <becka () bedatec de> =
Current thread:
- RAZOR advisory: Linux util-linux chfn local root vulnerability Michal Zalewski (Jul 29)
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Andrew Pimlott (Jul 30)
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Michal Zalewski (Jul 30)
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Andrew Pimlott (Jul 30)
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Andreas Beck (Jul 31)
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Michal Zalewski (Jul 30)
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Andrew Pimlott (Jul 30)
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Szemkel (Jul 30)