Re: gpilotd & corba
- From: Michael Fulbright <msf redhat com>
- To: gnome-pilot-list gnome org
- Subject: Re: gpilotd & corba
- Date: Thu, 17 Sep 1998 12:11:53 -0400
deity@trinity.dbc.bib.dk said:
> At a minimum I guess you just take a look at the existing path and
> make
> sure its really setup like you want before you use it.
> What do you mean ?
What if you go in and make a link from /var/spool/gpilotd/drmike a file
in my homedir just to be mean. This is before I've ever run gpiltod, so
that it hasnt created that file yet.
When I run get around to running gpilotd for the first time, and it starts
using /var/spool/gpilotd/drmike as a path, it will screw up the file
you maliciously linked to.
This is my understanding of this attack. I think there are other possible
ways to take advantage of being able to predict the name of a file
which is created in a publicly writable area.
Dr Mike
Dr Mike
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]