Date: Wed, 29 Sep 1999 10:38:53 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: freebsd-security@FreeBSD.ORG Subject: Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Message-ID: <199909291438.KAA19248@khavrinen.lcs.mit.edu> In-Reply-To: <199909291352.GAA31310@cwsys.cwsent.com> References: <199909291352.GAA31310@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Wed, 29 Sep 1999 06:52:24 -0700, Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> said: > Following is a post to BUGTRAQ. It appears that SSH under FreeBSD is > also "vulnerable" to bind(2) following synlinks during UNIX Domain > Socket creation. My question is: Is this an application bug, e.g. not > checking for a symlink prior to creating the socket, or would this be > an O/S bug, e.g. FreeBSD should not follow symlinks when creating UNIX > Domain Sockets? Checking for the existence of a symbolic link would simply be a race condition. It is an application bug in that temporary files created by applications should always reside in a newly-created directory which is owned by the appropriate user and mode 700. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909291438.KAA19248>