[6046] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Announcement: Phrack 52

daemon@ATHENA.MIT.EDU (Olaf Kirch)
Wed Jan 28 14:37:24 1998

Date: 	Wed, 28 Jan 1998 11:00:22 +0100
Reply-To: Olaf Kirch <okir@CALDERA.DE>
From: Olaf Kirch <okir@CALDERA.DE>
X-To:         route@RESENTMENT.INFONEXUS.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <19980126190847.11117.qmail@resentment.infonexus.com>; from
              route@RESENTMENT.INFONEXUS.COM on Mon, Jan 26,
              1998 at 11:08:47AM -0800

Hi,

There's a Linux kernel patch floating on the net, and now has been
published in Phrack, that is supposed to make /tmp directories more
secure. In particular, it claims to keep users from creating hard
links in +t directories.

However the patch does not protect the rename call, so the following
should give you a hardlink to passwd in /tmp:

        mkdir /tmp/foo          (no sticky bit on foo)
        ln /etc/passwd /tmp/foo
        mv /tmp/{foo/,}passwd

Cheers
Olaf


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[6046] in bugtraq

Re: Announcement: Phrack 52

daemon@ATHENA.MIT.EDU (Olaf Kirch)Wed Jan 28 14:37:24 1998

daemon@ATHENA.MIT.EDU (Olaf Kirch)
Wed Jan 28 14:37:24 1998