Vulnerability Development mailing list archives
Re: BSD chfn bug (aka ssh quirks/killing thread)
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Tue, 28 Dec 1999 14:06:02 -0800
FARAZ JAMSHED wrote:
In message <Pine.LNX.4.20.9912251656310.23074->>100000 () pet notbsd org> "Stanislav N. Vardomskiy" writes: : This just *might* be a problem.Not the way you think. You have no control over the name of the file created. Warneryes we could have control by setting the right UMASK settings...
The question posed was is there a way to get a file with the name you want in /etc using the bug under discussion. Most folks (myself included) fail to see how the umask setting helps with that. To rename files, one has to have rights on the parent directory, not the file itself. So, if you've got an example of how umask helps, we'd love to see it. Other than that, we've all had our unix file permission refresher for the week. People are starting to get nasty in their replies. So, unless folks have some interesting technical points that bring us closer to a security hole, I'm going to kill off these threads. BB
Current thread:
- Re: BSD chfn bug FARAZ JAMSHED (Dec 28)
- Re: BSD chfn bug Warner Losh (Dec 28)
- Re: BSD chfn bug (aka ssh quirks/killing thread) Blue Boar (Dec 28)
- leaky kernel ? ;) mIV (Dec 29)
- Re: leaky kernel ? ;) H D Moore (Dec 29)
- Re: leaky kernel ? ;) Wakko Ellington Warner-Warner III (Dec 30)
- Re: leaky kernel ? ;) Andrei D. Caraman (Dec 30)