Open Source and information security mailing list archives
 
From: chris at eff.org (Chris Palmer)
Subject: FAT32 input > output = null?

chris writes:

> This also works with the 2.4.24 Linux kernel (Slackware 9.1):

It's the shell, not the kernel. When you say "./foo > ./foo", the shell
interprets "> ./foo" FIRST and does something like open("foo", O_TRUNC |
O_CREAT). 

Take a look at any Unix shell document and the open(2) man page -- this
is old, known, documented behavior. It may violate the principle of
least surprise, but it's not a vulnerability in the proper sense.


-- 
Chris Palmer
Staff Technologist, Electronic Frontier Foundation
415 436 9333 x124 (desk), 415 305 5842 (cell)
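
The behaviour described in the message above, shown as an added example that is not part of the original post: the shell truncates the redirect target before the command runs, `set -C` (noclobber) makes the shell refuse that redirect, and a temporary file plus rename rewrites a file in place safely. File names, contents and function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: file names, contents and function names are constructed.

# The shell opens the redirect target (truncating it) before the command
# starts, so sort reads an already-empty file. Prints the resulting size.
truncating_self_redirect() (
    set +C
    dir=$(mktemp -d) || exit 1
    printf 'line two\nline one\n' > "$dir/foo"
    sort "$dir/foo" > "$dir/foo"
    wc -c < "$dir/foo" | tr -d ' '
    rm -rf "$dir"
)

# With noclobber (set -C) the shell refuses to open an existing file for
# ">", the command is never run, and the data survives.
noclobber_self_redirect() (
    dir=$(mktemp -d) || exit 1
    printf 'line two\nline one\n' > "$dir/foo"
    set -C
    if { sort "$dir/foo" > "$dir/foo"; } 2>/dev/null; then
        echo "unexpected: redirect succeeded" >&2
    fi
    wc -c < "$dir/foo" | tr -d ' '
    rm -rf "$dir"
)

# Safe in-place rewrite: write to a temporary file in the same directory,
# then rename it over the original only if the command succeeded.
safe_rewrite() (
    set +C
    dir=$(mktemp -d) || exit 1
    printf 'line two\nline one\n' > "$dir/foo"
    tmp=$(mktemp "$dir/foo.XXXXXX") || exit 1
    sort "$dir/foo" > "$tmp" && mv "$tmp" "$dir/foo"
    cat "$dir/foo"
    rm -rf "$dir"
)

echo "self-redirect size:  $(truncating_self_redirect)"
echo "noclobber size:      $(noclobber_self_redirect)"
echo "temp-file rewrite:"; safe_rewrite
```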

