[13245] in bugtraq


Re: Symlinks and Cryogenic Sleep

daemon@ATHENA.MIT.EDU (Casper Dik)
Wed Jan 5 14:32:19 2000

Message-Id:  <200001042040.VAA10701@romulus>
Date:         Tue, 4 Jan 2000 21:40:55 +0100
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
X-To:         "Mark A. Heilpern" <heilpern@MINDSPRING.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Your message of "Mon, 03 Jan 2000 17:34:45 EST." 
              <4.2.0.58.20000103173034.00a3c8f0@mail.mindspring.com>

>>When the application reaches the critical section of code between the
>>lstat and the open, you stop it by sending it a SIGSTOP. You record
>>the device and inode number of your /tmp file, remove it, and wait.

The ploy should fail right here: as far as I'm aware, this protection
only works on sticky directories.  In that case, it's not possible to
remove it.

>Maybe I'm just naive, but it's my understanding that you cannot send signals
>to a process you don't own unless you are root.


You can, but only from a terminal. (I.e., if you start su/passwd/rsh,
etc., you can ^Z them.)

Casper
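
The lstat/open comparison discussed in this thread, with the sticky-directory condition from the reply made explicit, as an added example that is not part of the original message. `open_checked` and `demo` are hypothetical names, the scratch directory under /tmp is constructed, and the ownership test and `O_NOFOLLOW` are assumptions added here.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open dir/name only when the lstat()/open()/fstat() comparison can be trusted:
 * dir must be sticky and the file ours, so nobody else can remove the file
 * between the lstat() and the open(). Returns an fd, or -1 on refusal. */
int open_checked(const char *dir, const char *name)
{
    struct stat d, before, after;
    char path[4096];
    if (stat(dir, &d) != 0 || !S_ISDIR(d.st_mode) || !(d.st_mode & S_ISVTX))
        return -1;                        /* not a sticky directory */
    if (snprintf(path, sizeof path, "%s/%s", dir, name) >= (int)sizeof path) return -1;
    if (lstat(path, &before) != 0 || !S_ISREG(before.st_mode) ||
        before.st_nlink != 1 || before.st_uid != geteuid())
        return -1;                        /* symlink, hard link, or not ours */
    int fd = open(path, O_RDWR | O_NOFOLLOW);
    if (fd < 0) return -1;
    /* Compare what was opened with what lstat() saw before the open. */
    if (fstat(fd, &after) != 0 || after.st_dev != before.st_dev ||
        after.st_ino != before.st_ino) { close(fd); return -1; }
    return fd;
}

/* Constructed self-check in a scratch directory; returns 0 if all cases pass. */
int demo(void)
{
    char dir[] = "/tmp/stickydemoXXXXXX", path[64], lnk[64];
    int fails = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/data", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    if ((fd = open(path, O_CREAT | O_EXCL | O_RDWR, 0600)) < 0) return -1;
    close(fd);
    if (symlink(path, lnk) != 0) return -1;
    chmod(dir, 0700);                     /* no sticky bit: refused */
    if ((fd = open_checked(dir, "data")) >= 0) { fails |= 1; close(fd); }
    chmod(dir, 01700);                    /* sticky: regular file accepted */
    if ((fd = open_checked(dir, "data")) < 0) fails |= 2; else close(fd);
    if ((fd = open_checked(dir, "link")) >= 0) { fails |= 4; close(fd); }
    unlink(lnk); unlink(path); rmdir(dir);
    return fails;
}

int main(void) { return demo(); }
```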
