List:       kde-core-devel
Subject:    Re: Linux Security
From:       Waldo Bastian <bastian () kde ! org>
Date:       2000-06-16 0:05:26

True, this is a general problem of checkAccess(). (Which makes it basically 
useless)

Cheers,
Waldo

On Thu, 15 Jun 2000, Christian Esken wrote:
> Hi,
>
> I am not yet subscribed to kde-core-devel, so I answer directly.
> Using checkAccess() will only make it a little bit more challenging.
>
> You can do link switching: This means an attacker can quickly
> change the link from a writable to a non-writable file. Thus, the
> attacker has created a race condition situation and will manage
> once in a while to overwrite files.
> The situation is not 100% safe.
>
> Christian
>
> On Thu, 15 Jun 2000, Matthias Hoelzer-Kluepfel wrote:
> > But for the kdelibs attacks, it would not have helped, as you
> > can also point the link to an existing file, and use the suid
> > application to overwrite or exchange it.
>
> I think checkAccess would catch that.
>
> Cheers,
> Waldo

-- 
Make way, KDE/Linux is coming to a desktop near you!
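
Added example, not part of the original thread and not KDE code: the check-then-use race described above, next to a form that resolves the path once and validates the opened descriptor. The function names are hypothetical, access()/open() stand in for the check-then-open pattern, and the ownership and link-count policy is an assumption; Linux behaviour of O_NOFOLLOW is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check-then-use: the path is resolved twice, so a link switched between
 * the two calls makes the check apply to a different file than the open. */
int open_checked_racy(const char *path) {
    if (access(path, W_OK) != 0)   /* check: first resolution */
        return -1;
    return open(path, O_WRONLY);   /* use: second resolution */
}

/* Hardened: resolve once, refuse a symlink as the final component, then
 * validate the object behind the descriptor, which can no longer change. */
int open_checked_fd(const char *path) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                 /* Linux reports ELOOP for a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != getuid() || st.st_nlink != 1) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Constructed self-check: returns 0 when the hardened open accepts a plain
 * file owned by the caller and rejects a symlink pointing at that file. */
int demo(void) {
    char dir[] = "/tmp/toctou-demo-XXXXXX", file[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = open(file, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || symlink(file, lnk) != 0) return -1;
    close(fd);
    int ok_fd = open_checked_fd(file);
    int bad_fd = open_checked_fd(lnk);
    int rc = (ok_fd >= 0 && bad_fd < 0) ? 0 : 1;
    if (ok_fd >= 0) close(ok_fd);
    unlink(lnk); unlink(file); rmdir(dir);
    return rc;
}
```

O_NOFOLLOW only covers the last path component; symlinks in parent directories are still followed, so the directory itself must not be writable by other users.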