lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu Dec 15 17:28:05 2005 From: j.schipper at math.uu.nl (Joachim Schipper) Subject: Symlink attack techniques On Thu, Dec 15, 2005 at 01:09:49PM +0000, Werner Schalk wrote: > Hi, > > thanks for all the replies, I really appreciate this. > basically the cronjob is something like: > > 15 4 ?* * 6 ?root ?/usr/bin/find /home/userA -type f -print > /tmp/report.txt > > Consequently as userB I have no way of influencing what information is printed > by the find command to /tmp/report.txt but I can surely > control /tmp/report.txt. Any other ideas of how to exploit this to gain root > access? This is not generally possible. It's likely to viewed, though, and you can attack the viewing application (bad email clients, old vim versions, and most browsers apply). Of course, symlinking it to /etc/passwd is fun but ultimately pretty useless. Joachim
Powered by blists - more mailing lists