[13287] in bugtraq
Re: Symlinks and Cryogenic Sleep
daemon@ATHENA.MIT.EDU (Antonomasia)
Fri Jan 7 16:48:19 2000
Message-Id: <200001051852.SAA04672@notatla.demon.co.uk>
Date: Wed, 5 Jan 2000 18:52:49 GMT
Reply-To: Antonomasia <ant@NOTATLA.DEMON.CO.UK>
From: Antonomasia <ant@NOTATLA.DEMON.CO.UK>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
My post yesterday seems to have died during moderation.
This happened to my last 2 incidentally - both looked worthwhile to me.
Olaf Kirch:
> That's not true for setuid processes. You're allowed to signal a process
> if _either_ the effective or the real uid match. Try running passwd in
> one window, in another type killall -STOP passwd.
Exactly. I tested it on linux-2.0.26, linux-2.2.12 and openbsd-2.5.
No doubt Olaf selected SIGSTOP for his example because a handler cannot
be installed for it.
Casper mentions ^Z:
> You can, but only from a terminal. (I.e., if you start su/passwd/rsh,
> etc, you can ^Z them)
But doesn't ^Z do SIGTSTP instead of SIGSTOP ?
I have no Solaris boxes here to test.
Goetz Babin-Ebell <babinebell@TRUSTCENTER.DE> posted some code with
a number of flaws. It can leak open files as well as be raced.
I have a perl tool for scanning code for file races. It is based on
a description by Bishop & Dilger of an unpublished scanner they wrote.
http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/scanner-1.0b.tar.gz
My suggestion for upgrading Olaf's original code is to test the owner and
group as well as the device and inode in the lstat,fstat comparison. Then
an attacker can only switch a file for another of the same owner:group.
--
##############################################################
# Antonomasia ant@notatla.demon.co.uk #
# See http://www.notatla.demon.co.uk/ #
##############################################################
