Date: Sun, 25 Feb 1996 13:19:18 -0800 (PST) From: invalid opcode <coredump@nervosa.com> To: Brian Tao <taob@io.org> Cc: FREEBSD-SECURITY-L <freebsd-security@FreeBSD.ORG> Subject: Re: Suspicious symlinks in /tmp Message-ID: <Pine.BSF.3.91.960225131851.8196F-100000@nervosa.com> In-Reply-To: <Pine.BSF.3.91.960224170513.186B-100000@zap.io.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 24 Feb 1996, Brian Tao wrote: > lrwxrwxrwt 1 bin user 21 Feb 24 17:04 passwd-link.19573 -> /tmp/passwd-dir.19573 > lrwxrwxrwt 1 bin user 21 Feb 24 17:04 passwd-link.20196 -> /tmp/passwd-dir.20196 > lrwxrwxrwt 1 bin user 21 Feb 24 17:04 passwd-link.20543 -> /tmp/passwd-dir.20543 > > Brian Tao (BT300, taob@io.org) Looks like someone is trying to exploit a race condition in order to grab the password file. == Chris Layne ============================================================== == coredump@nervosa.com ================= http://www.nervosa.com/~coredump ==
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960225131851.8196F-100000>