|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability
From: Bill Sommerfeld (sommerfeld
ORCHARD.ARLINGTON.MA.US)Date: Thu Oct 26 2000 - 15:28:10 CDT
- Next message: Peter Watkins: "Re: Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module"
- Previous message: Andrew Frith: "Re: Advisory def-2000-02: Cisco Catalyst remote command execution"
- Maybe reply: Bill Sommerfeld: "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
For what it's worth, I'm unable to reproduce this problem on NetBSD;
its crontab(1) program keeps the temporary file open while the editor
runs, and then does a rewind() on it to reread it from the beginning,
so it can't be confused into reading a different file if you delete,
rename, or replace the temporary file..
- Bill
- Next message: Peter Watkins: "Re: Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module"
- Previous message: Andrew Frith: "Re: Advisory def-2000-02: Cisco Catalyst remote command execution"
- Maybe reply: Bill Sommerfeld: "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]