[UNIX] Hardlink Vulnerability in 'script' Command

From: support@securiteam.com
Date: 12/13/01 

From: support@securiteam.com
To: list@securiteam.com
Date: Thu, 13 Dec 2001 20:21:14 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Hardlink Vulnerability in 'script' Command
------------------------------------------------------------------------

SUMMARY

The script command which is a part of the util-linux package contains a
silly hardlink vulnerability which could overwrite any file on the hard
disk. 'Script' is tool to save terminal sessions for later reference. By
default script creates a file called typescript for its log.

DETAILS

When executed as root , 'Script' overwrites hardlinks that could be set by
any user to any file on the hard disk. For instance, a malicious user can
place a hardlink 'typescript' to /etc/passwd (or any other file) in his
home directory. If the root user executes 'script' in that directory it
would cause 'script' to overwrite that file. 'Script' does check for
symlinks and asks if the symlink should be overwritten, it lacks checking
hardlinks.

Impact:
Low, as it is not likely that root users execute 'script' in a user's home
directory.

Vendor status:
Program has been fixed; the author/maintainer corrected it in the latest
version.

ADDITIONAL INFORMATION

The information has been provided by <mailto:m.v.berkum@obit.nl> Marco
van Berkum.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • shell script and dd
    ... I tried to solve my problem and executed the following script: ... If I overwrite using "zero" and "urandom" data few times, ... My hard disk was never accessed although I set the "mknod" commands ... # define /dev/hda1 (output for dd-command) ...
    (comp.os.linux.security)
  • Re: Need reviews of HLA Adventure
    ... > And that's when it clicked that it was a script. ... having to edit the XML - several places - every time you ... if HLA promped me to overwrite existing .asm and .inc ...
    (alt.lang.asm)
  • Re: excel object
    ... Thanks for the reply but which one do I use to overwrite an existing file ... without a prompt. ... This script will be scheduled. ... In order to crete an excel object do I have to have excel ...
    (microsoft.public.scripting.vbscript)
  • Re: Script has stopped transfering files
    ... Once I ran this process that cleared the destination ... the script commenced without problem. ... >> have been no overwrite situations and the undefined OverWriteFiles ... >> Sammamish WA US ...
    (microsoft.public.scripting.vbscript)
  • Re: Script has stopped transfering files
    ... I found out that the normally when I run this script the destination ... directory is empty because of a process that clears out the .xml files after ... > name matches until now, If not, then there would have been no overwrite ...
    (microsoft.public.scripting.vbscript)