[patch] add modes to open call of ismounted

Rich Felker dalias at aerifal.cx
Fri Jul 21 02:09:28 UTC 2006


On Thu, Jul 20, 2006 at 03:24:23PM -0700, Erik Hovland wrote:
> The ismounted.c file makes a call to open using O_CREAT but does not
> specify file permission modes. This is slightly dangerous since it is
> plausible to exploit a file created with world writability. But it is not
> all that dangerous since the file does not live very long. It would take
> a pretty savvy attacker to be able to slip in and do something bad
> between the open and the unlink.

No, it's very simple and this vuln is very serious. It's quite
plausible that the file could be created with permissions 4777, in
which case it would be easy to exploit. There are many standard
methods to slow down a process between syscalls in order to widen the
window for such attacks until it's easy to exploit.

Rich
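
An added example, not part of the thread and not BusyBox code: the same kind of short-lived file created with an explicit mode, plus a check on the resulting permission bits. The function names and the `/tmp/ismounted-demo-*` path are assumptions made for this sketch, and `O_EXCL` is an extra hardening choice here rather than something taken from the patch.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* The call pattern under discussion, kept as a comment: with O_CREAT and no
 * third argument, the mode is whatever value occupies that argument slot.
 *     fd = open(path, O_WRONLY | O_CREAT);
 */

/* Create a short-lived scratch file with an explicit mode, then remove it.
 * O_EXCL (added here, not from the patch) refuses an existing file or symlink.
 * Returns st_mode & 07777 of the new file, or -1 on error. */
int create_scratch_file(const char *path)
{
    struct stat st;
    int mode = -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        mode = (int)(st.st_mode & 07777);
    close(fd);
    unlink(path);
    return mode;
}

/* Nonzero if any bit outside owner read/write is set (setuid, group, other). */
int mode_is_unsafe(int mode)
{
    return (mode & ~0600) != 0;
}

/* Run the creation under a given umask; the path is a constructed demo name. */
int scratch_mode_under_umask(mode_t mask)
{
    char path[64];
    mode_t old = umask(mask);
    snprintf(path, sizeof path, "/tmp/ismounted-demo-%ld", (long)getpid());
    int mode = create_scratch_file(path);
    umask(old);
    return mode;
}

int main(void)
{
    printf("umask 000 -> %04o\n", (unsigned)scratch_mode_under_umask(0));
    printf("4777 unsafe? %d\n", mode_is_unsafe(04777));
    return 0;
}
```

Even with the umask cleared, the explicit `0600` bounds what the file can be created with, which is the property the missing argument removes.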