[21200] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: smbd remote file creation vulnerability

daemon@ATHENA.MIT.EDU (Jarno Huuskonen)
Tue Jun 26 16:16:27 2001

Date: Tue, 26 Jun 2001 09:53:29 +0300
From: Jarno Huuskonen <Jarno.Huuskonen@uku.fi>
To: bugtraq@securityfocus.com
Cc: Pavol Luptak <wilder@hq.alert.sk>
Message-ID: <20010626095329.B74898@messi.uku.fi>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010625190919.A13420@hq.alert.sk>; from wilder@hq.alert.sk on Mon, Jun 25, 2001 at 07:09:19PM +0200

On Mon, Jun 25, Pavol Luptak wrote:
> Linux kernels with openwall patch (with restricted links in /tmp) are
> imunne to this type of attack (following symlinks does not work, link
> owner does not match with file's owner).

The symlink restrictions work only in /tmp (mode 1777) directories, so
making the symlink in your own homedir still works (should work).

-Jarno

-- 
Jarno Huuskonen <Jarno.Huuskonen@removeme.uku.fi>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[21200] in bugtraq

Re: smbd remote file creation vulnerability

daemon@ATHENA.MIT.EDU (Jarno Huuskonen)Tue Jun 26 16:16:27 2001

daemon@ATHENA.MIT.EDU (Jarno Huuskonen)
Tue Jun 26 16:16:27 2001