Re: Announcement: Phrack 52

Olaf Kirch (okir@CALDERA.DE)
Wed, 28 Jan 1998 11:00:22 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Tony Hagale: "Microsoft responds to bug in Exchange Server"
Previous message: Joseph Jay Austin: "Security flaw in htmlscript"
Maybe in reply to: route@RESENTMENT.INFONEXUS.COM: "Announcement: Phrack 52"

Hi,

There's a Linux kernel patch floating on the net, and now has been
published in Phrack, that is supposed to make /tmp directories more
secure. In particular, it claims to keep users from creating hard
links in +t directories.

However the patch does not protect the rename call, so the following
should give you a hardlink to passwd in /tmp:

mkdir /tmp/foo (no sticky bit on foo)
ln /etc/passwd /tmp/foo
mv /tmp/{foo/,}passwd

Cheers
Olaf

Next message: Tony Hagale: "Microsoft responds to bug in Exchange Server"
Previous message: Joseph Jay Austin: "Security flaw in htmlscript"
Maybe in reply to: route@RESENTMENT.INFONEXUS.COM: "Announcement: Phrack 52"