Deleting */.clean before creating it is a good idea to overcome
symlink attacks. To be absolutely sure that the attacker cannot insert
a command in between, the creation command should be executed in a
noclobber environment.
I prepared a patch directly against /etc/init.d/bootclean.sh, which
closes this security hole and works very well. You can find it on
Message-ID: <email address hidden>
Date: Fri, 27 Aug 2004 11:46:51 +0200
From: Martin Pitt <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Subject: Proposed patch
--mYCpIKhGyMATD0i+ Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8
Content-
Content-
tags 264234 patch
thanks
Hi Miquel!
Deleting */.clean before creating it is a good idea to overcome
symlink attacks. To be absolutely sure that the attacker cannot insert
a command in between, the creation command should be executed in a
noclobber environment.
I prepared a patch directly against /etc/init. d/bootclean. sh, which
closes this security hole and works very well. You can find it on
http:// fixthathole. no-name- yet.com/ patches/ sysvinit. 264234. diff
What do you think?
Thanks and have a nice day!
Martin
--=20 www.piware. de http:// www.debian. org
Martin Pitt Debian GNU/Linux Developer
<email address hidden> <email address hidden>
http://
--mYCpIKhGyMATD0i+ pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
nbV4Fd/ IRAlt/AJ9v7c3U2 lbm4HJKL/ G0oEkLye2MPQCff eRN ASB17imA=
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBLwMKDec
76mTgPT0rAQC76j
=RaSA
-----END PGP SIGNATURE-----
--mYCpIKhGyMATD 0i+--