[23486] in bugtraq
Re: Silly 'script' hardlink bug
daemon@ATHENA.MIT.EDU (Michael Shigorin)
Thu Dec 13 13:48:55 2001
Date: Thu, 13 Dec 2001 08:58:46 +0200
From: Michael Shigorin <mike@lic145.kiev.ua>
To: bugtraq@securityfocus.com
Message-ID: <20011213085846.C1567@lic145.kiev.ua>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="9dgjiU4MmWPVapMU"
Content-Disposition: inline
In-Reply-To: <3C17E20C.5692DA23@obit.nl>
--9dgjiU4MmWPVapMU
Content-Type: multipart/mixed; boundary="da4uJneut+ArUgXk"
Content-Disposition: inline
--da4uJneut+ArUgXk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Thu, Dec 13, 2001 at 12:02:36AM +0100, Marco van Berkum wrote:
> the harddisk. For instance, a malicious user can place
> a hardlink 'typescript' to /etc/passwd (or any other file)
> in his home directory. If the root user would execute
...and no sane system will get /etc and /home on the same
partition. Still, it's beloved `mitigating factor', not a
solution. Just my 2 copecks.
--
---- WBR, Michael Shigorin <mike@altlinux.ru>
------ http://visa.chem.univ.kiev.ua/~mike/
--da4uJneut+ArUgXk
Content-Type: application/pgp-keys
Content-Description: PGP Key 0xB60C9B72.
Content-Disposition: attachment
Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDuwtc4RBACxlNSx9OZBMYP0ujNPhteOUeywTh+6mKFsF9YlTHvf2bzH04qO
QFZe/amacuRzp1HEvDlt+XWIZKnmCvdC3BG0fun2WeIBSsgyNbaZNgAg6b1YPojn
FvYAngdSa6l7j5NgC6unF6TWmRK5X1vbKaicsTyC9cDDh9T9xOvB+mxBkwCg3zBb
PPndZd9Qc0+xxOEZPUGS+ZED/jM/ekHdbGUFF8FRxK48tYbt7i43jterFCfM4AJr
WBgPnOq9CjHjxhjsaOTwDWQV55oPUN84U2YXj6vZBqdnicV3tyzXCIvCLuWdXrUR
cvNtwxwBlsDwGdJLhbaSHaLqwxTyb4sqzty5XkPHvJ//o/GMYKIq+5Uq2FMcoRaO
NL8wBACa8lInwpFeVmJ26EZQ4jU1V2eSXRnioxeQlUfPbMkqqi2wXTlYKZ75tC3U
eC0tgNbB5B+08CXJTmAPCRRcHGJcMEeg2fYHallkyi1KAUi0r2SUkVgq7gLdFeUT
6Y8l89/BUbGfDZJQHIqVmDqJDHWzApc0RODgaKrVT40bKpHwCrQmTWljaGFlbCBT
aGlnb3JpbiA8bWlrZUBsaWMxNDUua2lldi51YT6IVwQTEQIAFwUCO7C1zgULBwoD
BAMVAwIDFgIBAheAAAoJEG7Dw6a2DJtyNwwAn2pngYgurv6Cdnnld1SBMwXo/eyR
AJ94e9xRzp9fVMc0xUCk4Q9tv3JL2rQzTWljaGFlbCBTaGlnb3JpbiAoS2lldiwg
VWtyYWluZSkgPG1pa2VAYWx0bGludXgucnU+iFcEExECABcFAjuwtjMFCwcKAwQD
FQMCAxYCAQIXgAAKCRBuw8Omtgybcv9PAKCcR5g/3Ioj6XVwXPuab4sitM5EzgCZ
AYV1upXI6UQEDEC0Uhk4bO6FFG25Ag0EO7C16hAIALH+F+guVo0o7qE3lfyJm/3k
YW7AfAeenScIDlHssWn7FabiO4ipDmqKg0zWmRmPO6p9vVXltrLe4PT7vapw+nUW
2EO5w/Fk/876k9yVGA5EP8PvnZj2ayTt5Yo7ldIEu35kcCp65goTueZbQIXfe62K
BmqU/PfubtC6cgNr9h/c9x0O+P9YK3MjaGwfEbHcE5H7oNhGnL+opg7NEJfJOG9V
06QD63xZ+pTXfCGhkDpFBZW4HR0gJjX+utLME40vDQ/OxSwX99m7Okk0qApmkBe/
3RW2+2F2V9SCLsmxx2hlrz5QlEJD10yFRLHXiANGyv1BQBbxZHWSVbLU1EjpiScA
AwUH/1kWlkmpb56XocNbmAUP8FbwELO2iKHmFxNKsB/Gu3AJ01tavmSmtBSW6Ly9
M2fEjhRd7xEw4UNERMtCeuZBCMW3BPUnnE/mTR1EMWj4tKucUcAJEu89jh8X5Jy7
0PwealZM+w42R/iyvtSzzW2lWRJkz51rz0fF+PKG3w+O+FjE5f3tHkFYRf7fMvdD
b3iP2HuutoaxYuw2nLKH3hFrSPzk5E//ID0KmEhLj207gM9xFV4YemNPNAOPhTRR
s/PZjHowrg0MPY1MvSavIwKK5/9eVPHit/GpyPMWOWIqVhvskK/+ZUruGuAt5J4I
yxwfZpK6b9UOLlRF6tQWLJOfHO6IRgQYEQIABgUCO7C16gAKCRBuw8OmtgybchqP
AJwKW6fuEhrP7VosfMY6nR8q6h5GlACgjrP4Cprs4/ZIPFGybTNBRwWhYAM=3D
=3DJpZw
-----END PGP PUBLIC KEY BLOCK-----
--da4uJneut+ArUgXk--
--9dgjiU4MmWPVapMU
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8GFGmbsPDprYMm3IRAr9BAKCBwsdAHqw6vju7AsF9bF0khhasSgCfTLWY
m9+hCsz5TZd762hNi7kIaJw=
=myD5
-----END PGP SIGNATURE-----
--9dgjiU4MmWPVapMU--
