Re: Security Anti Symlink Attack Patch for 2.1.71

Jon Lewis (jlewis@inorganic5.fdt.net)
Mon, 8 Dec 1997 17:41:19 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Richard Henderson: "Re: 2.1.71 and sound driver: what's going on ?"
Previous message: Brian: "2.1.70 broke PPP!"
In reply to: Ian Collier: "Re: Security Anti Symlink Attack Patch for 2.1.71"
Next in thread: Robert Bihlmeyer: "Re: Security Anti Symlink Attack Patch for 2.1.71"

On Mon, 8 Dec 1997, Ian Collier wrote:

> cd /tmp
> mkdir myowndir
> ln -s myowndir/anything anything
> cd myowndir
> ln -s /.rhosts anything

Are there any examples of programs that do that? i.e. Now you need to
convince someone (root in this case) to write to /tmp/myowndir/anything.
Just having them write to /tmp/anything is stopped by the current link
patch by Solar Designer. Or are you talking about problems in some other
version of a symlink patch that's been proposed??

------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____

Next message: Richard Henderson: "Re: 2.1.71 and sound driver: what's going on ?"
Previous message: Brian: "2.1.70 broke PPP!"
In reply to: Ian Collier: "Re: Security Anti Symlink Attack Patch for 2.1.71"
Next in thread: Robert Bihlmeyer: "Re: Security Anti Symlink Attack Patch for 2.1.71"