<<< Date Index >>>     <<< Thread Index >>>

Re: ================================ GNU Core Utilities race condition file-permissions vulnerability ================================ Software: mkdir, mknod, mkfifo Version: Part of GNU Core Utilities 5.



On Wed, 6 Apr 2005, Imran Ghory wrote:

> If a malicious local user has write access to a directory in which a
> target user is using mkdir/mknod/mkfifo with the -m (mode setting
> option) to create a file then a race condition bug can be exploited to
> make the change of permission apply to any file belonging to that
> user.

...and the next step will be an advisory about a race condition in
chmod itself? Or, to be more precise, in the use of chmod, i.e. between 
the moment the user looks at the file and decides to change its attributes 
and the moment the change is done.

And what about a nasty vulnerability in the shell making it possible to
overwrite an arbitrary file of yours when you use ">" on a file in a
directory writeable by other users? Not to mention hundreds of other 
programs being able to rewrite or modify existing files.

Don't take me wrong: I understand there is a problem out there. 
But I am afraid its roots are much deeper than "there is a race condition 
in utility xyz".

--Pavel Kankovsky aka Peak