Re: Symlinks and Cryogenic Sleep
Subject: Re: Symlinks and Cryogenic Sleep
From: Antonomasia (ant NOTATLA.DEMON.CO.UK)
Date: Wed Jan 05 2000 - 12:52:49 CST
- Maybe in reply to: Olaf Kirch: "Symlinks and Cryogenic Sleep"
- Next in thread: Pavel Kankovsky: "Re: Symlinks and Cryogenic Sleep"
- Maybe reply: Antonomasia: "Re: Symlinks and Cryogenic Sleep"
My post yesterday seems to have died during moderation.
This happened to my last 2 incidentally - both looked worthwhile to me.
Olaf Kirch:
> That's not true for setuid processes. You're allowed to signal a process
> if _either_ the effective or the real uid match. Try running passwd in
> one window, in another type killall -STOP passwd.
Exactly. I tested it on linux-2.0.26, linux-2.2.12 and openbsd-2.5.
No doubt Olaf selected SIGSTOP for his example because a handler cannot
be installed for it.
Casper mentions ^Z:
> You can, but only from a terminal. (I.e., if you start su/passwd/rsh,
> etc, you can ^Z them)
But doesn't ^Z do SIGTSTP instead of SIGSTOP?
I have no Solaris boxes here to test.
Goetz Babin-Ebell <babinebell TRUSTCENTER.DE> posted some code with
a number of flaws. It can leak open files as well as be raced.
I have a perl tool for scanning code for file races. It is based on
a description by Bishop & Dilger of an unpublished scanner they wrote.
http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/scanner-1.0b.tar.gz
My suggestion for upgrading Olaf's original code is to test the owner and
group as well as the device and inode in the lstat,fstat comparison. Then
an attacker can only switch a file for another of the same owner:group.
--
##############################################################
# Antonomasia   antnotatla.demon.co.uk                       #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
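
Added example, not part of the original message and not Olaf Kirch's or Goetz Babin-Ebell's code: a C sketch of the lstat/fstat comparison the message suggests, checking owner and group as well as device and inode, and closing the descriptor on every failure path. The helper names `open_checked` and `same_file_and_owner`, the flag handling and the default path in `main` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Same object AND same owner: device + inode, plus the uid + gid
 * comparison suggested in the message. */
int same_file_and_owner(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino &&
           a->st_uid == b->st_uid && a->st_gid == b->st_gid;
}

/* open_checked() is a hypothetical helper name. Opens an existing regular
 * file; refuses symlinks and anything swapped in between lstat() and open().
 * Returns a descriptor, or -1 with errno set. */
int open_checked(const char *path, int flags)
{
    struct stat before, after;
    int fd;

    if (lstat(path, &before) != 0)
        return -1;
    if (!S_ISREG(before.st_mode)) {       /* symlink, FIFO, device, directory */
        errno = EINVAL;
        return -1;
    }
    /* Never create or truncate before the identity check has passed;
     * O_NONBLOCK keeps a FIFO swapped in from blocking the open. */
    fd = open(path, (flags & ~(O_CREAT | O_TRUNC)) | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &after) != 0 || !same_file_and_owner(&before, &after)) {
        close(fd);                        /* no descriptor leak on failure */
        errno = EACCES;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_checked(argc > 1 ? argv[1] : "/etc/passwd", O_RDONLY);
    if (fd < 0) { perror("open_checked"); return EXIT_FAILURE; }
    printf("opened fd %d\n", fd);
    close(fd);
    return EXIT_SUCCESS;
}
```

As the message says, this narrows the race and does not close it: a file with the same owner and group can still be switched in.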
This archive was generated by hypermail 2b27 : Fri Jan 07 2000 - 13:59:04 CST