I love this, your stufs always impressing me.. I have to much work on atm, (specially since im doing a hand in yur old P3 or P4 for a spankin new Ibm netvista p4 duacpu!) that was a mistake :s but, i will see what others in my channel think, i will post the tool and mark it as interest, and see what happenes, you never know :) it is afterall, Irc where most chats about this stuff happens. Anyhow, thanks again for your awesome inputs. xd
On 28 October 2011 07:11, halfdog <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Andrew Farmer wrote: >> On 2011-10-27, at 07:48, [email protected] wrote: >>> The other thing that people need to remember is that there's no >>> race condition that's so small that you can't hit it. If there's >>> a race condition, it *can* be won. >> >> And systems like inotify make filesystem races trivial to win. I >> wouldn't be surprised if you could win this particular race >> reliably by watching for the files bzexe drops and acting >> immediately when they show up. > > You might want to try out my tool from > http://www.halfdog.net/Security/2010/FilesystemRecursionAndSymlinks/ > from the references section at end of the page. With appropriate > watchcount parameter, it won every race against each backup system > tested back then. As to my knowledge, only tar was fixed so far. > Running it against cpio even triggers buffer overflow, so direct root > escalation might be possible. > > I haven't done proof for MS-Systems, does someone have interest in a > joint venture? > > hd > > - -- > http://www.halfdog.net/ > PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iEYEARECAAYFAk6puu4ACgkQxFmThv7tq+71xQCfTyOcgr+LEQtiMEWSjWu5xUBK > gsIAoJHIhCSpYgMJXX/0QNV59+aXtTyz > =0Dcq > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
