[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CALCvwp7PiEkMZ5h-0QEk5PrY5yQ+O2H6--6DKpHQKGKAgUyuMw@mail.gmail.com>
Date: Fri, 28 Oct 2011 11:49:20 +1100
From: xD 0x41 <secn3t@...il.com>
To: halfdog <me@...fdog.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Symlink vulnerabilities
I love this, your stufs always impressing me.. I have to much work on
atm, (specially since im doing a hand in yur old P3 or P4 for a
spankin new Ibm netvista p4 duacpu!)
that was a mistake :s but, i will see what others in my channel think,
i will post the tool and mark it as interest, and see what happenes,
you never know :)
it is afterall, Irc where most chats about this stuff happens.
Anyhow, thanks again for your awesome inputs.
xd
On 28 October 2011 07:11, halfdog <me@...fdog.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Andrew Farmer wrote:
>> On 2011-10-27, at 07:48, Valdis.Kletnieks@...edu wrote:
>>> The other thing that people need to remember is that there's no
>>> race condition that's so small that you can't hit it. If there's
>>> a race condition, it *can* be won.
>>
>> And systems like inotify make filesystem races trivial to win. I
>> wouldn't be surprised if you could win this particular race
>> reliably by watching for the files bzexe drops and acting
>> immediately when they show up.
>
> You might want to try out my tool from
> http://www.halfdog.net/Security/2010/FilesystemRecursionAndSymlinks/
> from the references section at end of the page. With appropriate
> watchcount parameter, it won every race against each backup system
> tested back then. As to my knowledge, only tar was fixed so far.
> Running it against cpio even triggers buffer overflow, so direct root
> escalation might be possible.
>
> I haven't done proof for MS-Systems, does someone have interest in a
> joint venture?
>
> hd
>
> - --
> http://www.halfdog.net/
> PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iEYEARECAAYFAk6puu4ACgkQxFmThv7tq+71xQCfTyOcgr+LEQtiMEWSjWu5xUBK
> gsIAoJHIhCSpYgMJXX/0QNV59+aXtTyz
> =0Dcq
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists