Date: Mon, 26 Feb 1996 13:19:27 -0800 (PST) From: Nathan Lawson <nlawson@kdat.csc.calpoly.edu> To: msmith@comtch.iea.com (Mark Smith) Cc: security@freebsd.org Subject: Re: Suspicious symlinks in /tmp Message-ID: <199602262119.NAA13075@kdat.calpoly.edu> In-Reply-To: <199602261536.PAA11711@comtch.iea.com> from "Mark Smith" at Feb 26, 96 07:36:50 am
index | next in thread | previous in thread | raw e-mail
> > > > > On Sun, 25 Feb 1996, Mark Smith wrote: > > > > > Looks like someone is trying to exploit a race condition in order to grab > > > > the password file. > > > > > > Will this attack work under FreeBSD 2.1R ? > > > Mark > > > > A race condition attack will work under any OS when a race condition is > > possible. > > > > Possibly, I didn't make my self clear. Is this race condition possible > under FreeBSD 2.1R ? No. Absolutely not. That was a bug in SunOS's passwd program. Specifying -F allowed the user to specify a passwd file to change. However, the bug that I have seen for quite a while and complained about is that a symlink is owned by the owner of the file it points to, not by the creator of the symlink. That is a bad idea and I really can't see the logic behind doing that. Could someone explain this behavior? -- Nate Lawson \Yeah, I was dreaming through the 'howzlife', yawning, car black, CS-EE double \when she told me 'mad and meaningless as ever...' and a song major, \came on the radio like a cemetery rhyme for a million crying unaccredited \corpses in their tragedy of respectable existence. - BRhelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602262119.NAA13075>