[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems

To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
From: Seth Breidbart <sethb@panix.com>
Date: Mon, 24 Nov 2003 14:47:53 -0500 (EST)

> I think that your observation of the ability to keep a security hole open is
> very interesting, but, fortunately, it should be moot.

Even if not, it's easily avoidable: when you replace a setuid program,
truncate the existing file first, then chmod 000, then delete it.

The security hole only remains if you merely delete it.

Seth

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
  - From: "Alan J Rosenthal" <flaps@dgp.toronto.edu>

Prev by Date: [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
Next by Date: Re: [Full-Disclosure] os x 10.2.x has 8 character password limit
Previous by thread: [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
Next by thread: [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
Index(es):
- Date
- Thread