[21201] in bugtraq


Re: smbd remote file creation vulnerability

daemon@ATHENA.MIT.EDU (Pavol Luptak)
Tue Jun 26 16:27:59 2001

Date: Tue, 26 Jun 2001 14:53:38 +0200
From: Pavol Luptak <wilder@hq.alert.sk>
To: bugtraq@securityfocus.com
Cc: Jarno Huuskonen <Jarno.Huuskonen@uku.fi>
Message-ID: <20010626145337.A3377@hq.alert.sk>
Mail-Followup-To: Pavol Luptak <wilder@hq.alert.sk>,
	bugtraq@securityfocus.com, Jarno Huuskonen <Jarno.Huuskonen@uku.fi>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="uAKRQypu60I7Lcqm"
Content-Disposition: inline
In-Reply-To: <20010626095329.B74898@messi.uku.fi>; from Jarno.Huuskonen@uku.fi on Tue, Jun 26, 2001 at 09:53:29AM +0300


On Tue, Jun 26, 2001 at 09:53:29AM +0300, Jarno Huuskonen wrote:
> On Mon, Jun 25, Pavol Luptak wrote:
> > Linux kernels with openwall patch (with restricted links in /tmp) are
> > immune to this type of attack (following symlinks does not work, link
> > owner does not match with file's owner).
>
> The symlink restrictions work only in /tmp (mode 1777) directories, so
> making the symlink in your own homedir still works (should work).

Yes, the symlink does not have to be in /tmp, but you have to ensure
the path to your symlink in your own homedir is short enough to fit in
the NetBIOS name (about 15 characters).
-- 
_______________________________________________________________________
[wilder@hq.alert.sk] [http://hq.alert.sk/~wilder] [talker: ttt.sk 5678]

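The scope limit discussed in this thread, as an added example that is not part of the original messages: a small audit helper that reports whether a given symlink falls under the sticky-directory link restriction. It assumes the rule as Linux documents it for `fs.protected_symlinks`, taken here as equivalent to the Openwall behaviour the posters describe; the function names, uids and modes are constructed.

```python
import os
import stat


def follow_allowed(dir_mode, dir_uid, link_uid, follower_uid):
    """Model of the link restriction: may follower_uid follow this symlink?

    The restriction applies only when the directory holding the link is
    both sticky and world-writable (for example /tmp, mode 1777).
    """
    restricted_dir = bool(dir_mode & stat.S_ISVTX) and bool(dir_mode & stat.S_IWOTH)
    if not restricted_dir:
        return True   # outside sticky world-writable dirs: no restriction at all
    if link_uid == follower_uid:
        return True   # a process may follow its own links
    if link_uid == dir_uid:
        return True   # links made by the directory owner are trusted
    return False


def audit_symlink(path, follower_uid=0):
    """Inspect a real symlink and say whether the restriction would block
    a process running as follower_uid (default: root) from following it."""
    link = os.lstat(path)
    if not stat.S_ISLNK(link.st_mode):
        raise ValueError(f"{path} is not a symlink")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    allowed = follow_allowed(parent.st_mode, parent.st_uid, link.st_uid, follower_uid)
    return {
        "path": path,
        "dir_mode": oct(stat.S_IMODE(parent.st_mode)),
        "blocked": not allowed,
    }


# Constructed cases: (dir_mode, dir_uid, link_uid, follower_uid)
CASES = {
    "link in /tmp, other user's link, root follows": (0o41777, 0, 1000, 0),
    "link in user's homedir, root follows": (0o40755, 1000, 1000, 0),
    "link in /tmp, owner follows own link": (0o41777, 0, 1000, 1000),
}


def run_cases():
    """Return {case name: True if the link would be followed}."""
    return {name: follow_allowed(*args) for name, args in CASES.items()}


if __name__ == "__main__":
    for name, followed in run_cases().items():
        print(f"{name}: {'followed' if followed else 'blocked'}")
```

A privileged service that writes to paths influenced by clients therefore cannot rely on this restriction alone; it still has to validate the name and refuse to follow links itself.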
