[prev in list] [next in list] [prev in thread] [next in thread]
List: netatalk-devel
Subject: [Netatalk-devel] Netatalk 1.4.99 major security problem??
From: "Marc J. Miller" <mjmiller () davis ! com>
Date: 2000-10-06 7:40:10
[Download RAW message or body]
I'm going to test this on my machine tomorrow, but I could use some help in testing \
for a well-known attack. The "dropkludge" patch I wrote to alter the way permissions \
are handled when new files are written (targetted at fixing dropbox behavior but \
changes the behavior of all folders, dropbox or not) becomes root in order to change \
the owner of the file to match the owner of the directory.
I'd like some people who compiled netatalk 1.4.99 with dropkludge enabled to try \
copying a file into a directory called something like, "xyz; touch uh-oh" (without \
the quotes). I will test this on our linux server tomorrow, but I'd especially like \
help from people running FreeBSD and other netatalk-supported Unixes. If after \
attempting to copy that file, another file appears somewhere on your system called \
"uh-oh" which is owned by root and has a recent timestamp, then someone could just as \
easily copy a file called "goodbyefiles; cd /; rm -rf *". That would be very bad.
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 5.50.4207.2601" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ece7e3>
<DIV><FONT face=Arial size=2>I'm going to test this on my machine tomorrow, but
I could use some help in testing for a well-known attack. The "dropkludge"
patch I wrote to alter the way permissions are handled when new files are
written (targetted at fixing dropbox behavior but changes the behavior of all
folders, dropbox or not) becomes root in order to change the owner of the file
to match the owner of the directory. </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I'd like some people who compiled netatalk 1.4.99
with dropkludge enabled to try copying a file into a directory called something
like, "xyz; touch uh-oh" (without the quotes). I will test this on
our linux server tomorrow, but I'd especially like help from people running
FreeBSD and other netatalk-supported Unixes. If after attempting to copy
that file, another file appears somewhere on your system called "uh-oh" which is
owned by root and has a recent timestamp, then someone could just as easily copy
a file called "goodbyefiles; cd /; rm -rf *". That would be
very bad.</FONT></DIV></BODY></HTML>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic