[6494] in bugtraq

Wietse's RPCBIND

daemon@ATHENA.MIT.EDU (Wietse Venema)
Fri Apr 10 18:08:24 1998

Date: 	Fri, 10 Apr 1998 15:26:47 -0400
Reply-To: Wietse Venema <wietse@PORCUPINE.ORG>
From: Wietse Venema <wietse@PORCUPINE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199804101131.UAA14534@sparc18.personal-media.co.jp> from Chiaki
              Ishikawa at "Apr 10, 98 08:31:14 pm"

"My" rpcbind (which is mostly SUN code) does:

        unlink(savefile);
        fopen(savefile);

Thus, the time window is small. Moreover, you get only one chance;
once rpcbind is gone, someone has to restart it by hand. I figure
that if you slow down the file system enough, and fill up the open
file table, there will be a way to sneak in.

The fix is to open the save file with the O_EXCL flag set. I'm
about to leave for a week. I'll see if I can get out an update
today, otherwise it will have to be a week later.

        Wietse
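
The unlink-then-open window and the O_EXCL fix described in the message above, as an added C example; it is not rpcbind or Sun code. The function names, the hook that stands in for another process recreating the path inside the window, the fopen "w" mode and the temporary paths are all assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical hook: runs in the window between unlink and open. */
typedef void (*window_hook)(const char *path);

/* Constructed stand-in for another process recreating the path in the window. */
static void plant_file(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT, 0644);
    if (fd >= 0) close(fd);
}

/* Pattern from the message; the "w" mode is an assumption. fopen() accepts
 * whatever exists at the path by the time it runs. */
static int save_legacy(const char *path, window_hook hook) {
    unlink(path);
    if (hook) hook(path);
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    fclose(fp);
    return 0;
}

/* Fix from the message: with O_CREAT|O_EXCL, open() fails with EEXIST if
 * anything already exists at the path, so a lost race is an error. */
static int save_excl(const char *path, window_hook hook) {
    if (unlink(path) < 0 && errno != ENOENT) return -1;
    if (hook) hook(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Returns 0 when legacy accepts the planted file and O_EXCL refuses it. */
static int demo(void) {
    char dir[] = "/tmp/rpcbind-demo-XXXXXX", path[64];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/savefile", dir);
    int legacy = save_legacy(path, plant_file);
    int refused = save_excl(path, plant_file) == -1 && errno == EEXIST;
    int clean = save_excl(path, NULL);
    unlink(path); rmdir(dir);
    return (legacy == 0 && refused && clean == 0) ? 0 : 1;
}
int main(void) { return demo(); }
```

A caller that gets EEXIST from the O_EXCL open should treat it as a failed save and log it instead of retrying blindly.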
