Date: Fri, 28 Oct 2011 11:49:20 +1100
From: xD 0x41 <secn3t@...il.com>
To: halfdog <me@...fdog.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Symlink vulnerabilities

I love this, your stuff's always impressing me..
I have too much work on atm, (especially since I'm doing a hand in your old P3
or P4 for a spankin new IBM NetVista p4 dual cpu!) that was a mistake :s
but, I will see what others in my channel think, I will post the tool and
mark it as interest, and see what happens, you never know :) it is after all
IRC where most chats about this stuff happen.
Anyhow, thanks again for your awesome inputs.
xd

On 28 October 2011 07:11, halfdog <me@...fdog.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Andrew Farmer wrote:
>> On 2011-10-27, at 07:48, Valdis.Kletnieks@...edu wrote:
>>> The other thing that people need to remember is that there's no
>>> race condition that's so small that you can't hit it. If there's
>>> a race condition, it *can* be won.
>>
>> And systems like inotify make filesystem races trivial to win. I
>> wouldn't be surprised if you could win this particular race
>> reliably by watching for the files bzexe drops and acting
>> immediately when they show up.
>
> You might want to try out my tool from
> http://www.halfdog.net/Security/2010/FilesystemRecursionAndSymlinks/
> from the references section at end of the page. With appropriate
> watchcount parameter, it won every race against each backup system
> tested back then. As to my knowledge, only tar was fixed so far.
> Running it against cpio even triggers buffer overflow, so direct root
> escalation might be possible.
>
> I haven't done proof for MS-Systems, does someone have interest in a
> joint venture?
>
> hd
>
> - --
> http://www.halfdog.net/
> PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iEYEARECAAYFAk6puu4ACgkQxFmThv7tq+71xQCfTyOcgr+LEQtiMEWSjWu5xUBK
> gsIAoJHIhCSpYgMJXX/0QNV59+aXtTyz
> =0Dcq
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>