[patch] add modes to open call of ismounted

Erik Hovland erik at hovland.org
Fri Jul 21 11:31:58 PDT 2006


On Thu, Jul 20, 2006 at 10:09:28PM -0400, Rich Felker wrote:
> On Thu, Jul 20, 2006 at 03:24:23PM -0700, Erik Hovland wrote:
> > The ismounted.c file makes a call to open using O_CREAT but does not
> > specify file permission modes. This is slightly dangerous since it is
> > plausible to exploit a file created with world writability. But it is not
> > all that dangerous since the file does not live very long. It would take
> > a pretty savvy attacker to be able to slip in and do something bad
> > between the open and the unlink.
> 
> No, it's very simple and this vuln is very serious. It's quite
> plausible that the file could be created with permissions 4777, in
> which case it would be easy to exploit. There are many standard
> methods to slow down a process between syscalls in order to widen the
> window for such attacks until it's easy to exploit.

Then by all means, scream in Rob's ear. I would love to see this hole
plugged up.

E

-- 
Erik Hovland
mail: erik AT hovland DOT org
web: http://hovland.org/
PGP/GPG public key available on request
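
An added example, not part of the original message and not busybox code: a C sketch of the open() pattern the thread is about, with an explicit mode and O_EXCL, followed by a check of the resulting permission bits on the descriptor. The helper names open_scratch and fd_perms and the sample path are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create a scratch file that must not already exist.
 * Returns an open descriptor, or -1 on failure (errno set by open). */
int open_scratch(const char *path)
{
    /* O_EXCL: refuse a name that already exists, including a symlink
     * placed there by someone else.
     * 0600: explicit mode. With O_CREAT and no third argument, open()
     * takes the mode from whatever bytes sit in the argument slot. */
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Permission bits (including setuid/setgid/sticky) of the file behind fd,
 * read from the descriptor rather than the path; -1 on failure. */
int fd_perms(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return -1;
    return (int)(st.st_mode & 07777);
}

int main(void)
{
    const char *path = "/tmp/scratch_demo.tmp"; /* constructed sample path */
    int fd = open_scratch(path);
    if (fd < 0) {
        perror("open_scratch");
        return 1;
    }
    int perms = fd_perms(fd);
    printf("created %s with mode %04o\n", path, (unsigned)perms);
    /* No group/other access and no setuid/setgid/sticky bits expected. */
    int ok = perms >= 0 && (perms & 07077) == 0;
    close(fd);
    unlink(path);
    return ok ? 0 : 1;
}
```

The process umask can only clear bits from the requested 0600, so the check holds for any umask.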