[patch] add modes to open call of ismounted

Rich Felker dalias at aerifal.cx
Sat Jul 22 01:20:24 UTC 2006


On Fri, Jul 21, 2006 at 11:31:58AM -0700, Erik Hovland wrote:
> On Thu, Jul 20, 2006 at 10:09:28PM -0400, Rich Felker wrote:
> > On Thu, Jul 20, 2006 at 03:24:23PM -0700, Erik Hovland wrote:
> > > The ismounted.c file makes a call to open using O_CREAT but does not
> > > specify file permission modes. This is slightly dangerous since it is
> > > plausible to exploit a file created with world writability. But is not
> > > all that dangerous since the file does not live very long. It would take
> > > a pretty savvy attacker to be able to slip in and do something bad
> > > between the open and the unlink.
> > 
> > No, it's very simple and this vuln is very serious. It's quite
> > plausible that the file could be created with permissions 4777, in
> > which case it would be easy to exploit. There are many standard
> > methods to slow down a process between syscalls in order to widen the
> > window for such attacks until it's easy to exploit.
> 
> Then by all means, scream in Rob's ear. I would love to see this hole
> plugged up.

I would, but I think he has me in his spam filter...

Rich
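
The fix discussed in this thread, as an added example that is not part of the original messages or the BusyBox source: a scratch file is created with an explicit mode and `O_EXCL`, and the resulting permission bits are checked on the descriptor. The function name and the `/tmp` path are assumptions made for illustration, not what ismounted.c uses.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a short-lived scratch file and return the permission bits it
 * actually received, or -1 on error. The path is a caller-supplied
 * placeholder (assumption), not the one used by ismounted.c. */
int create_scratch_mode(const char *path)
{
    struct stat st;
    int result = -1;

    /* With O_CREAT the third argument is mandatory: if it is omitted,
     * open() reads an indeterminate value as the mode.
     * 0600   = owner read/write only; the umask can clear bits, never add.
     * O_EXCL = fail instead of reusing a file that already exists. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;

    /* Inspect the descriptor rather than the path, so the answer is
     * about the file we created and not whatever the name points to now. */
    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 07777);

    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    char path[64];
    snprintf(path, sizeof path, "/tmp/scratch-demo-%ld", (long)getpid());

    mode_t old = umask(0);          /* worst case: umask removes nothing */
    int mode = create_scratch_mode(path);
    umask(old);

    printf("mode bits: %04o\n", mode);
    return mode == 0600 ? 0 : 1;
}
```

Building with `-D_FORTIFY_SOURCE=2 -O2` on glibc turns a two-argument `open()` that has a constant `O_CREAT` flag into a compile-time error, which catches this class of bug before it ships.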



