Subject: Re: [util-linux] anybody else looked at this?
From: fharvey@securiweb.net
Date: Sat Dec 02 2000 - 16:47:12 CST
- Next message: fharvey@securiweb.net: "patch for linux util script.c"
- Previous message: Can Erkin Acar: "(Fwd) LPRng exploits"
- In reply to: jjohnson@penguincomputing.com: "[util-linux] anybody else looked at this?"
- Reply: fharvey@securiweb.net: "Re: [util-linux] anybody else looked at this?"
Hi,
I have also seen this problem a while ago and I patched it for a custom
distribution in development.
I am sending you a cvs diff of my patch.
It works for me: it prints if it's an ordinary file and asks a question; if
it's a symlink it pastes the destination. For no question, add the -w
parameter.
Standard disclaimer applies to the patch.
Francois Harvey
Security consultant and linux developer
fharvey@securiweb.net
>>>>>>>>>>>>>>>>>> Original message <<<<<<<<<<<<<<<<<<
On 11/29/00, at 3:06:19 PM, jjohnson@penguincomputing.com wrote to you
on the following subject [util-linux] anybody else looked at this?:
> Hi,
> I was looking at the util-linux package and have found a problem in
> the script program. The problem is that script fails to check for file
> existence before writing to the typescript file by default. This also
> works when specifying a different file name. The author of the program
> doesn't seem to care about the problem and I really don't have the C skill
> needed to fix the problem. I would assume that other programs in this
> package have similar problems.
> <email>
> From aeb@cwi.nl Thu Nov 09 21:26:35 2000
> Return-Path: <aeb@cwi.nl>
> Delivered-To: jjohnson@penguincomputing.com
> Received: (qmail 7756 invoked by uid 708); 9 Nov 2000 21:26:34 -0000
> Received: from hera.cwi.nl (192.16.191.1)
>   by 209.24.233.229 with SMTP; 9 Nov 2000 21:26:34 -0000
> Received: from aak.cwi.nl (aak.cwi.nl [192.16.201.116]) by hera.cwi.nl with ESMTP
>   id WAA02279 for <jjohnson@penguincomputing.com>; Thu, 9 Nov 2000 22:26:38 +0100 (MET)
> Received: by aak.cwi.nl
>   id WAA125043; Thu, 9 Nov 2000 22:26:36 +0100 (MET)
> Date: Thu, 9 Nov 2000 22:26:36 +0100 (MET)
> From: Andries.Brouwer@cwi.nl
> Message-Id: <UTC200011092126.WAA125043.aeb@aak.cwi.nl>
> To: jjohnson@penguincomputing.com
> Subject: Re: [util-linux] script symlink race.
> Status: RO
> Content-Length: 650
> Lines: 15
> > script from util-linux 2.10f follows symlinks. A malicious user
> > could drop files named "typescript" all over linked to whatever
> > and cause some serious problems.
> I am not impressed - there are lots of commands that create
> output files; if root goes around invoking all kinds of commands
> in all kinds of directories there is nothing one can do.
> But if this really worries you, you can submit some patch.
> Note that checking properties of a file requires care:
> before you know it there are race conditions,
> where you verify that a path is OK but between the checking
> and the opening the path could be changed to point at
> something else.
> Andries
> </email>
> Jeremiah Johnson
> Linux Security Analyst
> Penguin Computing
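The two points in the thread above (script writing through a symlink named "typescript", and Andries' warning that a separate check before the open leaves a race window) are both addressed by letting the open itself do the checking. The C below is an added example written for this page; it is not Francois's patch and not util-linux's script.c. The names open_typescript, ts_result and ts_result_str are assumptions of the example, and the -w handling in main only mirrors the flag Francois mentions. It creates the output atomically with O_CREAT|O_EXCL (which fails on a symlink instead of following it), refuses symlinks outright, and on an explicit overwrite re-checks the already-open descriptor with fstat so the object checked is the object written.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome of opening the typescript output file (names assumed for this example). */
enum ts_result {
    TS_CREATED,      /* fresh file created atomically */
    TS_OVERWRITTEN,  /* existing regular file truncated, caller allowed it */
    TS_EXISTS,       /* regular file already there, caller did not allow overwrite */
    TS_SYMLINK,      /* path is a symlink: refused, nothing written through it */
    TS_ERROR         /* anything else; errno says what */
};

static const char *ts_result_str(enum ts_result r)
{
    static const char *names[] = { "created", "overwritten", "exists", "symlink", "error" };
    return names[r];
}

/* Open PATH for writing without following a symlink and without a
 * check-then-open window. Returns a descriptor or -1; *WHY explains. */
int open_typescript(const char *path, int allow_overwrite, enum ts_result *why)
{
    struct stat st;

    /* With O_CREAT|O_EXCL the kernel creates the file atomically and fails
     * with EEXIST if anything, including a symlink, already sits at PATH.
     * No lstat beforehand, so there is nothing for an attacker to race. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd >= 0) { *why = TS_CREATED; return fd; }
    if (errno != EEXIST) { *why = TS_ERROR; return -1; }

    /* Something occupies PATH. lstat only decides what to tell the user;
     * the authoritative check happens on the open descriptor below. */
    if (lstat(path, &st) < 0) { *why = TS_ERROR; return -1; }
    if (S_ISLNK(st.st_mode)) { *why = TS_SYMLINK; return -1; }
    if (!allow_overwrite) {
        if (S_ISREG(st.st_mode)) { *why = TS_EXISTS; return -1; }
        errno = EINVAL; *why = TS_ERROR; return -1;
    }

    /* Overwrite requested. O_NOFOLLOW makes a symlink swapped in after the
     * lstat fail with ELOOP; O_NONBLOCK stops a swapped-in FIFO from
     * blocking us; no O_TRUNC yet because we have not verified the target. */
    fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) { *why = (errno == ELOOP) ? TS_SYMLINK : TS_ERROR; return -1; }

    /* Check the object we actually hold: a plain file owned by us. A later
     * rename of PATH cannot change what this descriptor refers to. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd); errno = EINVAL; *why = TS_ERROR; return -1;
    }
    if (ftruncate(fd, 0) < 0) { close(fd); *why = TS_ERROR; return -1; }
    *why = TS_OVERWRITTEN;
    return fd;
}

/* Stand-alone use: ./a.out [-w] [file]; -w permits overwriting an existing
 * regular file (an assumed flag, after the one mentioned in the thread). */
int main(int argc, char **argv)
{
    int allow = 0, i = 1;
    if (i < argc && strcmp(argv[i], "-w") == 0) { allow = 1; i++; }
    const char *path = (i < argc) ? argv[i] : "typescript";
    enum ts_result why;
    int fd = open_typescript(path, allow, &why);
    if (fd < 0) {
        fprintf(stderr, "%s: %s (%s)\n", path, ts_result_str(why), strerror(errno));
        return 1;
    }
    printf("writing to %s (%s)\n", path, ts_result_str(why));
    close(fd);
    return 0;
}
```

The first open is the whole defence for the common case: if it succeeds, the file did not exist an instant ago and is now ours, and no earlier stat was needed. Only the explicit overwrite path consults lstat, and even there the decision to write is taken on the descriptor returned by open, not on the path.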