Re: hard links create local DoS vulnerability and security proble

From: Valdis . Kletnieks
Date: Mon Nov 24 2003 - 15:01:56 EST

Next message: Junio C Hamano: "Re: [OT] Re: Linux 2.6.0-test10"
Previous message: Andrew Morton: "Re: LSI53C1030 (Fustion MPT) performance"
In reply to: Mathieu Chouquet-Stringer: "Re: hard links create local DoS vulnerability and security proble"
Next in thread: Mathieu Chouquet-Stringer: "Re: hard links create local DoS vulnerability and security proble"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 24 Nov 2003 14:25:31 EST, Mathieu Chouquet-Stringer said:

> It's always been my understanding that you cannot have suid shell script
> because you could easily change the IFS. Am i wrong? (

IFS is just one of the *many* issues (there's also a ton of race conditions
caused by #! handling, among other things).

You don't like the shell script, feel free to substitude in the C-language
equivalent that was posted previously :)

(And yes, I did it intentionally - figuring that at least one user on the
list would actually do it and leave a set-UID something lying around to
shoot themselves in the foot with, so weaponry loaded with blanks seemed a
good idea... ;)

Attachment: pgp00001.pgp
Description: PGP signature

Next message: Junio C Hamano: "Re: [OT] Re: Linux 2.6.0-test10"
Previous message: Andrew Morton: "Re: LSI53C1030 (Fustion MPT) performance"
In reply to: Mathieu Chouquet-Stringer: "Re: hard links create local DoS vulnerability and security proble"
Next in thread: Mathieu Chouquet-Stringer: "Re: hard links create local DoS vulnerability and security proble"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]