Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!bellcore!texbell!merch!doug@letni.UUCP
From: doug@letni.UUCP
Newsgroups: news.admin
Subject: Re: mkdir() and security hole *****FIX****
Summary: Oh, yeah, how
Keywords: mkdir hole fix
Message-ID: <10048@merch.TANDY.COM>
Date: 17 Dec 88 19:05:31 GMT
References: <9466@merch.TANDY.COM> <851@husc6.harvard.edu>
Sender: doug@merch.TANDY.COM
Reply-To: doug@letni.UUCP
Organization: lawnet
Lines: 39

In article <851@husc6.harvard.edu> ddl@husc6.harvard.edu (Dan Lanciani) writes:
>
> The proposed mkdir replacement does not solve the problem. I
>do not know if it introduces additional problems of its own, but I
>would not recommend running it since the gain in security is minimal.
>I will not describe in detail the variation required to subvert the
>mkdir replacement, but consider the interval immediately before its
>chown() call.

Before you go bashing people's code with innuendos about how it supposedly
does not work, why don't you do the author(s) a favor and send them either
private mail, or call them on the phone. Since it's very easy to say %s
program doesn't work and you shouldn't run it, and I won't go into why.

It makes me wonder if either my program really does have a problem, in which
case I do need to know, or you didn't pay enough attention to how the program
ran. Especially the area immediately before and right after the chown() call:
look at what directory is getting chown'ed and what permissions its parent
has.

So my advice to the net is to make your own decisions on what to run: the
original /bin/mkdir, which does have a problem, or my mkdir, which might have
a problem, or it might not, but either way is more secure than /bin/mkdir.

I really don't think that there is a problem with even posting a way to get
around my mkdir, since it's not the standard mkdir program, and undoubtedly
will not have the same security problems.

doug
--
Lawnet 1030 Pleasent Valley Lane.
Arlington Texas 76015 817-467-3740
{ sys1.tandy.com, motown!sys1, uiucuxc!sys1, killer!texbell } letni!doug
"Talk about holes in UNIX, geeze that's nothing compared with the security
problems in the ship control programs of StarFleet."