Xref: utzoo news.admin:4347 news.software.b:1808 comp.bugs.sys5:717 comp.bugs.misc:194
Path: utzoo!attcan!uunet!husc6!bloom-beacon!mit-eddie!killer!vector!rpp386!jfh
From: jfh@rpp386.Dallas.TX.US (The Beach Bum)
Newsgroups: news.admin,news.software.b,comp.bugs.sys5,comp.bugs.misc
Subject: Re: mkdir() and security hole
Summary: Time for Dan to put up or shut up.
Message-ID: <10290@rpp386.Dallas.TX.US>
Date: 22 Dec 88 13:19:40 GMT
References: <9466@merch.TANDY.COM> <851@husc6.harvard.edu> <379@skep2.ATT.COM> <871@husc6.harvard.edu>
Reply-To: jfh@rpp386.Dallas.TX.US (The Beach Bum)
Organization: Big "D" Home for Wayward Hackers
Lines: 24

In article <871@husc6.harvard.edu> ddl@husc6.harvard.edu (Dan Lanciani) writes:
>	Incidentally, the fix proposed by jfh@rpp386 (using dir/./.
>as the target of the chown()) doesn't help either.  It was a good
>try (and happened to be included in the mkdir test mentioned above)
>but breaks down since link() itself is not atomic.

It is time for this Dan Lanciani person to shut up, or produce proof that
these bug fixes do not work.  I challenge him to produce a test which will
break the mkdir Doug Davis provided with the patch I suggested.  Furthermore,
I am willing to let that test pound on my system for a day or more if
needed.  Failing this, I suggest we all add Mr. Lanciani to our official
list of crackpots and throw him in the KILL file.

The basis for my patch is that the link() call is PRIVILEGED.  Since '.' in
the context of the above referenced chown() MUST be a directory, the bad guy
would have to be root.  If Mr. Lanciani is assuming one may become root to
break this program, then all bets are off, since Doug's entire assumption is
based on the bad guy not becoming root.  The bad guy simply can't create a
forged directory structure without first BEING root.
-- 
John F. Haugh II                        +-Quote of the Week:-------------------
VoiceNet: (214) 250-3311   Data: -6272 |"Unix doesn't have bugs,
InterNet: jfh@rpp386.Dallas.TX.US       | Unix is a bug"
UucpNet : !killer!rpp386!jfh            +-- -- author forgotten --