|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jan Minář (rdancer
rdancer.org)
Date: Sat Jul 26 2008 - 07:33:24 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, Jul 25, 2008 at 4:57 PM, Steven M. Christey
<coleylinus.mitre.org> wrote:
>
> On Fri, 25 Jul 2008, [UTF-8] Jan MináÅ^Y wrote:
>
>> > The commands do not have to be written there between (1) and (2), they
>> > can be in the file long before the ./configure was started -- just
>> > because the script does care whether it can write to the file at all.
>> > So unlike stated in the advisory, and in CVE-2008-3294, the issue does
>> > not involve a race condition if the attacker would choose to create a
>> > 644 file.
>>
>> The file gets truncated in (1). You're wrong, the advisory is right.
>
> Maybe the point here is that if the attacker owns the file and sets 644
> permissions, then the truncation won't happen since ./configure won't have
> the permissions to modify the file.
I stand corrected. I have updated the advisory. Thanks, Robert.
Thanks to Steven for rephrasing.
Jan.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]