[12103] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]

daemon@ATHENA.MIT.EDU (Casper Dik)
Sun Oct 3 23:13:05 1999

Message-Id:  <199910011933.VAA25840@romulus>
Date:         Fri, 1 Oct 1999 21:33:02 +0200
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Your message of "Thu, 30 Sep 1999 15:06:12 EDT." 
              <99Sep30.150614edt.96306-2339@jane.cs.toronto.edu>

So, what about:

	char tmpl[] = "/tmp/dirXXXXXXX";
	char dir[sizeof(tmpl)];

	do {
	    strcpy(x, tmpl);
	    mktemp(x);
	} while (mkdir(x, 0700) != 0);

	bind(somesocket in dir x)
	rename(nameof socket, desired name of socket);

	rmdir(x);


Under proper uids; I think most UNIX domain sockets can stand renaming;
not sure if they all do.


Casper


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[12103] in bugtraq

Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]

daemon@ATHENA.MIT.EDU (Casper Dik)Sun Oct 3 23:13:05 1999

daemon@ATHENA.MIT.EDU (Casper Dik)
Sun Oct 3 23:13:05 1999