[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Linux Security
From: Waldo Bastian <bastian () kde ! org>
Date: 2000-06-16 0:05:26
[Download RAW message or body]
True, this is a general problem of checkAccess(). (Which makes it basically
useless)
Cheers,
Waldo
On Thu, 15 Jun 2000, Christian Esken wrote:
> Hi,
>
> I am not yet subscribed to kde-core-devel, so I answer directly.
> Using checkAccess() will only make it a little bit more challenging.
>
> You can do link switching: This meansm an attacker can quickly
> change the link from a writable to a non-writable file. Thus, the
> attacker has created a race condition situation and will manange
> once in a while in overwriting files.
> The situation is not 100% safe.
>
> Christian
>
> On Thu, 15 Jun 2000, Matthias Hoelzer-Kluepfel wrote:
> > But for the kdelibs attacks, it would not have helped, as you
> > can also point the link to an existing file, and use the suid
> > application to overwrite or exchange it.
>
> I think checkAccess would catch that.
>
> Cheers,
> Waldo
--
Make way, KDE/Linux is coming to a desktop near you!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic