[26441] in bugtraq
Re: RAZOR advisory: Linux util-linux chfn local root vulnerability
daemon@ATHENA.MIT.EDU (Andreas Beck)
Wed Jul 31 13:03:18 2002
Date: Wed, 31 Jul 2002 09:11:20 +0200
From: Andreas Beck <becka@uni-duesseldorf.de>
In-reply-to: <20020730144831.GG1593@pimlott.net>; from andrew@pimlott.net on
Tue, Jul 30, 2002 at 10:48:31AM -0400
To: bugtraq@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
Message-id: <20020731091120.A1249@uni-duesseldorf.de>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
Content-transfer-encoding: 7BIT
Andrew Pimlott <andrew@pimlott.net> wrote:
> > > If he is smart, he will check whether the file is open (eg with fuser)
> > Not really. The file does not have to be open to be present in the system.
> > It is prefectly possible to leave a dangling root-owned file several
> > times,
> Correct, but: the admin should still verify that it is not open
> before deleting it (in his cron job).
As long as there is no atomic "check-if-file-is-open-and-if-not-delete-it"
this just makes exploitation harder by introducing another race condition.
CU, Andy
--
= Andreas Beck | Email : <becka@bedatec.de> =
