| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6edf76c20807260533n7e32c8feu18b4838d177cf914@mail.gmail.com> Date: Sat, 26 Jul 2008 13:33:24 +0100 From: "Jan Minář" <rdancer@...ncer.org> To: "Steven M. Christey" <coley@...us.mitre.org> Cc: "Robert Buchholz" <rbu@...too.org>, vim-dev@....org, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, bugs@....org Subject: Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution On Fri, Jul 25, 2008 at 4:57 PM, Steven M. Christey <coley@...us.mitre.org> wrote: > > On Fri, 25 Jul 2008, [UTF-8] Jan MináÅ^Y wrote: > >> > The commands do not have to be written there between (1) and (2), they >> > can be in the file long before the ./configure was started -- just >> > because the script does care whether it can write to the file at all. >> > So unlike stated in the advisory, and in CVE-2008-3294, the issue does >> > not involve a race condition if the attacker would choose to create a >> > 644 file. >> >> The file gets truncated in (1). You're wrong, the advisory is right. > > Maybe the point here is that if the attacker owns the file and sets 644 > permissions, then the truncation won't happen since ./configure won't have > the permissions to modify the file. I stand corrected. I have updated the advisory. Thanks, Robert. Thanks to Steven for rephrasing. Jan.
Powered by blists - more mailing lists