Re: [Full-Disclosure] Syscall implementation could lead to whether or not a file exists
From: Arjan van de Ven (arjanv@redhat.com)
Date: 04/07/03
- Previous message: debian-security-announce@lists.debian.org: "[Full-Disclosure] [SECURITY] [DSA 279-1] New metrics packages fix insecure temporary file creation"
- In reply to: Andrew Griffiths: "[Full-Disclosure] Syscall implementation could lead to whether or not a file exists"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Arjan van de Ven <arjanv@redhat.com>
To: Andrew Griffiths <andrewg@d2.net.au>
Date: 07 Apr 2003 12:47:00 +0200
On Wed, 2003-04-02 at 21:19, Andrew Griffiths wrote:
> Product: Linux and various other kernels
> Tested:
> - RedHat kernel 2.4.18-26.7.x (second latest ;))
> - RedHat kernel 2.4.18-27.7.x
> - Debian 3.0 box
> - FreeBSD 4.4
>
> Description:
>
> Due to the implementation of various system calls, it becomes
> possible to test whether or not a file exists in a directory
> that is unreadable.
.. by calling lstat(2). Ability to do lookup is controlled by _exec_
permissions, not read ones.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: This is a digitally signed message part
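The behaviour the reply describes, as an added example that is not part of the original message: it sets a scratch directory to search-only, read-only and no-access modes and records what listing and lstat(2) return for a present and an absent name. The directory layout, the file names and the `probe` helper are constructed for illustration; run it as an unprivileged user, since root bypasses these permission checks.

```python
import errno
import os
import tempfile


def probe(dir_mode):
    """Create a scratch directory holding one file, apply dir_mode to it, and
    report what listing and lstat(2) return for a present and an absent name."""
    base = tempfile.mkdtemp(prefix="lookup-demo-")  # constructed scratch area
    target = os.path.join(base, "d")
    os.mkdir(target, 0o700)
    with open(os.path.join(target, "present"), "w"):
        pass

    def outcome(call, *args):
        # "ok" on success, otherwise the symbolic errno (EACCES, ENOENT, ...)
        try:
            call(*args)
            return "ok"
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))

    try:
        os.chmod(target, dir_mode)
        return {
            "list": outcome(os.listdir, target),
            "present": outcome(os.lstat, os.path.join(target, "present")),
            "absent": outcome(os.lstat, os.path.join(target, "absent")),
        }
    finally:
        # Restore access so the scratch tree can be removed again.
        os.chmod(target, 0o700)
        os.unlink(os.path.join(target, "present"))
        os.rmdir(target)
        os.rmdir(base)


if __name__ == "__main__":
    for label, mode in (("search only (--x)", 0o100),
                        ("read only   (r--)", 0o400),
                        ("no access   (---)", 0o000)):
        print(label, probe(mode))
```

Only the search-only mode distinguishes the two names through lstat(2) (success versus ENOENT); a directory whose contents must not be confirmable by name needs the search (execute) bit removed as well as the read bit.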