From: Ho-jung Kim, security group DOSFIN of Honam Univ. from Kwangju, KOREA.
[EMAIL PROTECTED]
TO: [EMAIL PROTECTED]
Subject: 'ln' have vulnerablity.
System: All system of RedHat Linux box. (and other)
I tested on system of RedHat Linux box 6.0 and 6.1.
I think about below version will be. (?)
Detail: I found 'ln' bug at June of last year. (june, 1999)
This bug is,,, well maybe serious or simple... or nothing...
But this bug have a little serious problem...
The problem of 'ln' bug where '-b' and '-f' option.
These option will help when anyone want to copy any files.
Look...
/etc/shadow file permission is 400(-r--------).
$ id
uid=501(lnbug) gid=501(lnbug)
$ pwd
/home/lnbug
$ ln -b /etc/shadow .
$
$ ls -ld ./shadow
-r-------- xxx root root 100 .... shadow
$ ln -f /etc/shadow ./shadow2 // -f option is only using by superuser ^^;
$
$ ls -lad ./shadow*
-r-------- xxx root root 100 .... shadow
-r-------- xxx root root 100 .... shadow2
cool!... copied original-copy file...
what's up ?
Ho-jung Kim
from DOSFIN
P.s: well,,, I hope this bug 1st found by me...
----------------------------------------------------------------
ÇÑ ¹ø °¡ÀÔÇÏ¸é ¸ÞÀÏ + ȨÆäÀÌÁö + µ¿È£È¸¸¦ Æò»ý ¹«·á·Î !
Lycos Korea Inc.
http://www.lycos.co.kr
----------------------------------------------------------------
