[21218] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: smbd remote file creation vulnerability

daemon@ATHENA.MIT.EDU (Wichert Akkerman)
Wed Jun 27 18:25:51 2001

Date: Wed, 27 Jun 2001 00:42:52 +0200
From: Wichert Akkerman <wichert@wiggy.net>
To: bugtraq@securityfocus.com
Cc: Pavol Luptak <wilder@hq.alert.sk>
Message-ID: <20010627004252.A6280@wiggy.net>
Mail-Followup-To: bugtraq@securityfocus.com,
	Pavol Luptak <wilder@hq.alert.sk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010625190919.A13420@hq.alert.sk>

Previously Pavol Luptak wrote:
> Linux kernels with openwall patch (with restricted links in /tmp) are
> imunne to this type of attack (following symlinks does not work, link
> owner does not match with file's owner).

If symlink don't work you can still use a hardlink though.

Wichert.

-- 
  _________________________________________________________________
 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@cistron.nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[21218] in bugtraq

Re: smbd remote file creation vulnerability

daemon@ATHENA.MIT.EDU (Wichert Akkerman)Wed Jun 27 18:25:51 2001

daemon@ATHENA.MIT.EDU (Wichert Akkerman)
Wed Jun 27 18:25:51 2001