Full Disclosure mailing list archives
Symlink attack techniques
From: Werner Schalk <werner_schalk () gmx de>
Date: Wed, 14 Dec 2005 22:42:18 +0000
Hi, I am currently doing a pentest and I was wondering whether you guys would know any symlink attack technique for the following scenario: On a Unix system there is a cronjob set up which will use the find command to create some sort of report and output that report to a predictable file in /tmp. So basically the command in the crontab is something like: 15 4 * * 6 root /usr/bin/find [command] > /tmp/report.txt Due to the fact that I can't influence what is written to that file but link /tmp/report to a different file (e.g. /etc/passwd) I can cause some local disruption/problems I think. So my question now is: Is there any other way of executing code in this scenario? Can I use file descriptors with this? Any input is greatly appreciated. Thank you. All the best, Werner. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Symlink attack techniques Werner Schalk (Dec 14)
- Re: Symlink attack techniques H D Moore (Dec 14)
- Re: Symlink attack techniques Werner Schalk (Dec 15)
- Re: Symlink attack techniques Joachim Schipper (Dec 15)
- Re: Symlink attack techniques James Longstreet (Dec 15)
- Re: Symlink attack techniques Valdis . Kletnieks (Dec 15)
- Re: Symlink attack techniques Tim (Dec 15)
- Re: Symlink attack techniques Werner Schalk (Dec 15)
- Re: Symlink attack techniques H D Moore (Dec 14)