Joerg Schilling schrieb am Mittwoch, den 20. Juni 2001:
> >> You are going to write a security relevant appliaction where people
> >> could gain something from attaking the /tmp files. You see, it only
> >> applies to suid or sgid applications.
>
> >So having a script which, when run by a user, can cause the user's mail
> >spool file to be overwritten is not a security problem?
>
> If youremove the old file first, you may be close to 100% sure that
> there is no such problem. Note that many UNIX programs create /tmp/ files
> and some of them make it easy to know the names in advance.
The chance that this happens by accident is, indeed, very small.
I was thinking about an attacker who deliberately and repeatedly creates
links from files /tmp.123 to /var/spool/mail/username and also creates
some additional load to make the window large enough.
This seems very feasible for an attacker.
Walter
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
