[2013] in bugtraq
Re: Exploit for Linux wu.ftpd hole
daemon@ATHENA.MIT.EDU (der Mouse)
Sun Jul  9 22:35:12 1995
Date:         Sun, 9 Jul 1995 06:31:39 -0400
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
X-To:         bugtraq@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
>> When you move something on top of messages, messages is unlinked.
>> The file is still open, but no longer accessible through the
>> directory structure.

> Can this not be detected?

Yes (an fstat() will show st_nlink==0, I think).  First question,
though, is "does it need to be?".  One could argue syslogd should be
checking for this condition, but it's not entirely clear to me why.
It's syslogd's job to log things, not to try to detect and recover from
pilot error.  I'm also not prepared to dogmatically state that this
condition is always pilot error; I've been surprised too often by
someone (often myself) finding a good use for something that initially
looked like an administrator blundering.

> Obviously the write will fail, when this occurs

No, it won't - at least it sure better not.  An open file with no
filesystem links is perfectly legal and useful, and always has been;
there is no excuse at all for that alone to cause writes to fail.

                                        der Mouse
                            mouse@collatz.mcrcim.mcgill.edu
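
Added example (not part of the original message, and not syslogd code): a C sketch of the check discussed above, where a long-running logger calls fstat() on its open descriptor to see whether the log file was unlinked, and write() still succeeds afterwards. The names check_log_fd, demo_move_over and enum log_state and the temporary path are hypothetical; it assumes a local POSIX filesystem (some network filesystems keep a hidden link, so st_nlink may not reach 0 there).

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum log_state { LOG_ERROR = -1, LOG_OK, LOG_UNLINKED, LOG_REPLACED };

/* Compare an already-open log descriptor with the path it was opened from.
 * LOG_UNLINKED: no directory entries left; LOG_REPLACED: path names another file. */
enum log_state check_log_fd(int fd, const char *path)
{
    struct stat fs, ps;
    if (fstat(fd, &fs) != 0) return LOG_ERROR;
    if (fs.st_nlink == 0) return LOG_UNLINKED;
    if (stat(path, &ps) != 0) return LOG_REPLACED;
    if (ps.st_dev != fs.st_dev || ps.st_ino != fs.st_ino) return LOG_REPLACED;
    return LOG_OK;
}

/* Constructed scenario: hold "messages" open, move another file on top of it,
 * then check the old descriptor and write to it. *written gets write()'s result. */
enum log_state demo_move_over(ssize_t *written)
{
    char dir[] = "/tmp/nlinkdemoXXXXXX", log[64], other[64];
    if (!mkdtemp(dir)) return LOG_ERROR;
    snprintf(log, sizeof log, "%s/messages", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    int fd = open(log, O_WRONLY | O_CREAT | O_APPEND, 0600);
    int tmp = open(other, O_WRONLY | O_CREAT, 0600);
    enum log_state st = LOG_ERROR;
    if (fd >= 0 && tmp >= 0 && check_log_fd(fd, log) == LOG_OK
        && rename(other, log) == 0) {       /* same effect as: mv other messages */
        st = check_log_fd(fd, log);
        *written = write(fd, "still logging\n", 14); /* goes to the orphaned inode */
    }
    if (tmp >= 0) close(tmp);
    if (fd >= 0) close(fd);
    unlink(other); unlink(log); rmdir(dir);
    return st;
}

int main(void)
{
    ssize_t n = -1;
    enum log_state st = demo_move_over(&n);
    printf("state=%d (1 = unlinked), write returned %zd\n", st, n);
    return (st == LOG_UNLINKED && n == 14) ? 0 : 1;
}
```

A logger that wants to recover would reopen the path when the check returns anything other than LOG_OK; the data written to the old descriptor is discarded once that descriptor is closed.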