Re: gpilotd & corba



On Thu, 17 Sep 1998, Michael Fulbright wrote:

> 
> deity@trinity.dbc.bib.dk said:
> > At a minimum I guess you just take a look at the existing path and
> > make sure it's really set up like you want before you use it.
> 
> > What do you mean?
> 
> What if you go in and make a link from /var/spool/gpilotd/drmike to a file
> in my homedir just to be mean. This is before I've ever run gpilotd, so
> that it hasn't created that file yet.
> 
> When I get around to running gpilotd for the first time, and it starts
> using /var/spool/gpilotd/drmike as a path, it will screw up the file
> you maliciously linked to.

Could someone please remind me why we are using /var/spool/gpilotd/$USER
instead of the user's home dir?  Was it to ensure that a gpilotd running on
a given machine doesn't interfere with another one where homedirs are
shared via NFS?
 
> This is my understanding of this attack. I think there are other possible 
> ways to take advantage of being able to predict the name of a file
> which is created in a publicly writable area.

In this case this shouldn't be an issue since /var/spool/gpilotd won't be
a publicly writable area.  It should only be used by global gpilotd and
since global gpilotd runs as root it can create the directory if it
doesn't exist and the existing file if it does.  global gpilotd can also
set correct perms so the /tmp style attacks should not be possible, I hope
:)

Manish Vachharajani
<mvachhar@vger.rutgers.edu>
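
The two defences discussed in this thread (check the existing path before using it, and keep the spool directory non-writable by others), sketched in C as an added example; it is not part of the original message and is not gpilotd code. The names open_spool_file and demo_planted_link, and the /tmp demo path, are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not gpilotd's): return an fd for <dir>/<user>, or -1 if
 * the path looks tampered with. owner is the uid the daemon runs as. */
int open_spool_file(const char *dir, const char *user, uid_t owner)
{
    struct stat st;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    /* The directory must be ours and not writable by group or others. */
    if (dfd < 0 || fstat(dfd, &st) < 0 || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        if (dfd >= 0) close(dfd);
        return -1;
    }
    /* First run: O_EXCL fails if any entry, even a symlink, already exists. */
    int fd = openat(dfd, user, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) /* Later runs: reopen, still refusing a symlink at the last component. */
        fd = openat(dfd, user, O_RDWR | O_NOFOLLOW);
    close(dfd);
    /* Check the object actually opened: regular file, ours, no extra hard links. */
    if (fd >= 0 && (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
                    st.st_uid != owner || st.st_nlink != 1)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: pre-plant a link named "drmike" in a private temp dir.
 * Returns 1 if the link is refused and a fresh name is accepted. */
int demo_planted_link(void)
{
    char dir[] = "/tmp/spooldemoXXXXXX", victim[64], planted[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/drmike", dir);
    int v = open(victim, O_CREAT | O_WRONLY, 0600);
    if (v < 0 || symlink(victim, planted) != 0) return -1;
    close(v);
    int refused = open_spool_file(dir, "drmike", getuid()) == -1;
    int fd = open_spool_file(dir, "newuser", getuid());
    if (fd >= 0) close(fd);
    return refused && fd >= 0;
}

int main(void) { printf("%d\n", demo_planted_link()); return 0; }
```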


