Michael Stone wrote:
> Generally it means that someone just learned something that people
> already knew about.

I've never heard of this class of vulnerabilities, but perhaps that just makes me a clueless security noob.

Anyway, it was pointed out in a reply to the gzip bug that this kind of hole also facilitates social engineering attacks of the form "Could you please try to gunzip this file I have in my home directory, it doesn't seem to work?". Or "Hey Mr. alioth admin, /svn/d-i/locks went missing; some d-i people are screaming at me that they can't commit, and I can't log in because I don't have my ssh key here. You just need to mkdir -m 2775 /svn/d-i/locks, please save me!"

Personally I think that not making root need to audit simple unix tools of this type before being able to safely follow up on a user's request makes this class of holes worth fixing, in at least that set of tools, even if it's too widespread to fix everywhere.

> Not quite. You can set the desired mode in the mkdir call, but you have
> to alter the existing umask to make it less restrictive. You can't add
> suid or sgid bits that way.

Good point.

-- 
see shy jo
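The following is an added example, not code from this thread or from any of the tools it mentions. It assumes the concern is a tool that creates a directory and then changes its mode by path name, and sketches one way to reach a mode such as 2775 without touching the umask and without a path-based chmod; `mkdir_with_mode` is a hypothetical helper name.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create `path` and give it `mode` (which may carry
 * setuid/setgid/sticky bits) without ever calling chmod() on a path name.
 * Returns 0 on success, -1 on any failure. */
int mkdir_with_mode(const char *path, mode_t mode)
{
    struct stat st;
    int fd;

    /* 1. Create the directory owner-only. The umask can only remove bits
     *    from 0700, so nothing is exposed before the final mode is set.
     *    This fails if the name already exists, symlinks included. */
    if (mkdir(path, 0700) != 0)
        return -1;

    /* 2. Open whatever is at `path` now, refusing symlinks and anything
     *    that is not a directory. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* 3. Confirm the opened object is a directory owned by us, then set the
     *    mode through the descriptor. fchmod() acts on the open object, so
     *    swapping the name afterwards cannot redirect the change. */
    if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || fchmod(fd, mode) != 0) {
        close(fd);
        return -1;
    }
    return close(fd);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s DIR\n", argv[0]);
        return EXIT_FAILURE;
    }
    if (mkdir_with_mode(argv[1], 02775) != 0) {
        perror(argv[1]);
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
}
```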