Bug#287601: vdradmin: Vdradmin.pl script vulnerable to symlink
attacks
Javier Fernández-Sanguino Peña
pkg-vdr-dvb-devel@lists.alioth.debian.org
Wed, 29 Dec 2004 12:40:04 +0100
--IiVenqGWf+H9Y6IX
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Dec 29, 2004 at 12:22:50PM +0100, Thomas Schmidt wrote:
> > I still need to check it further and do some tests before I open up the
> > bug...
>=20
> Thank you very much for your help, it would be very nice, if you could
> write some patches to resolve this problem, because it is the first
> time that i am confronted with such a problem, and i do not really know
> how to make these functions secure.
Well, google is your friend but I'll give you some pointers, if you try to=
=20
search for "symlink attack temporary race condition" you will get _lots_ of=
=20
bug reports and advisories related to this security issue.
For starters, the following documentation might be useful:
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html#AVOID-RA=
CE
(a must read)
http://www.linuxsecurity.com/content/view/115462/151/
(covers shell scripts only)
Some courseware:
http://www.cs.purdue.edu/homes/cs390s/LectureNotes/Temp_&_Rand.pdf
http://www.cs.purdue.edu/homes/cs390s/LectureNotes/Temp_&_Rand.ppt
http://www.cerias.purdue.edu/secprog/class2/5.Links_&_Races.pdf
http://web.whittier.edu/jlutgen/rute/node47.html
Some articles:
http://seclab.cs.ucdavis.edu/projects/vulnerabilities/scriv/ucd-ecs-95-09.p=
df
http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf
(this is somewhat Tru64 specific, but quite good)
HTH
Javier
--IiVenqGWf+H9Y6IX
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB0peUi4sehJTrj0oRAkhoAKCTwIVvEhVayXNcKtrx66P3VXCocgCfQyRk
empkMJ7NeuBRdpQYZfsy4J8=
=Bi6h
-----END PGP SIGNATURE-----
--IiVenqGWf+H9Y6IX--