[2737] in bugtraq
Re: Publically writable directories
daemon@ATHENA.MIT.EDU (Thomas Koenig)
Tue Jun 18 14:13:37 1996
Date: Tue, 18 Jun 1996 19:07:54 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Thomas Koenig <ig25@mvmampc66.ciw.uni-karlsruhe.de>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199606181557.LAA62775@tigger.itc.Virginia.EDU> from Bill
Pemberton at "Jun 18, 96 11:57:48 am"
Bill Pemberton wrote:
>Thomas Koenig writes:
>> $ ln -s /tmp/some.file /etc/nologin
>> Can this also create security problems for a 'normal' user?
>Quite easily. What about:
>
>ln -s /tmp/some.file /home/blah/.rhosts
If I implement the lstat/lstat solution (i.e check wether I've actually
created the file), and then back off once I've noticed the switch, all
I've done is create an EMPTY file, and I can't be sure which one.
Is there any way such an empty file can be of more than nuisance value
to an attacker?
--
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.
