[2505] in bugtraq
Re: XFree86 3.1.2 Security Problems
daemon@ATHENA.MIT.EDU (Neil Readwin)
Mon Feb 5 02:25:01 1996
Date: Sat, 3 Feb 1996 01:44:45 +0000
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Neil Readwin <nreadwin@london.micrognosis.com>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <Pine.LNX.3.91.960130020624.149C-100000@trashint.sct.fr> from
"Anthony C. Zboralski" at Jan 30, 96 02:51:40 am
Anthony C. Zboralski writes:
> Maybe someone could take a look at the server sources so it does a
> system("/bin/rm /tmp/.tX0-lock") just before it a write to the file..
That doesn't fix it since it leaves a race condition that could be
exploited using something like ...
while(stat(TmpFile, &fileinfo) == 0)
;
symlink(TargetFile, TmpFile);
--
nreadwin@micrognosis.co.uk Phone: +1 908 855 1221 x519
Anything is a cause for sorrow that my mind or body has made
