Bug#303927: gzip TOCTOU file-permissions vulnerability

2005-04-15 Thread Theodor Milkov
Joey Hess wrote: Martin Pitt wrote: Maybe I understood you wrong, could you please give a small test case which describes the vulnerability exactly? I'm a wimp, so I will use gdb instead of writing some real exploit to win the race. It is quite easy to win the race when the file that's being deco

Bug#303927: gzip TOCTOU file-permissions vulnerability

2005-04-14 Thread psz
Joey Hess <[EMAIL PROTECTED]> wrote: >> ... really dumb idea to have a group/world-writeable directory >> without the sticky bit. > > It may be really dumb, but it's pretty common practice too. ... > Just a few examples within the Debian project ... Kindly add the Debian example: [EMAIL PROTECT

Bug#303927: gzip TOCTOU file-permissions vulnerability

2005-04-13 Thread Theodor Milkov
Joey Hess wrote: Martin Pitt wrote: Maybe I understood you wrong, could you please give a small test case which describes the vulnerability exactly? I'm a wimp, so I will use gdb instead of writing some real exploit to win the race. It is quite easy to win the race when the file that's being deco

Bug#303927: gzip TOCTOU file-permissions vulnerability

2005-04-13 Thread psz
Joey Hess <[EMAIL PROTECTED]> wrote: > I'm a wimp, so ... instead of writing some real exploit to win the race. What race? A simple perl -e 'while (1) { unlink("xyz") and link("/etc/passwd","xyz") and exit }' should work. Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/ S

Bug#303927: gzip TOCTOU file-permissions vulnerability

2005-04-13 Thread Joey Hess
Martin Pitt wrote: > Of course the file can be removed by other users after gunzip has > finished, but that is not a gzip bug, but the result of the really > dumb idea to have a group/world-writeable directory without the sticky > bit. It may be really dumb, but it's pretty common practice too. Gr

Bug#303927: gzip TOCTOU file-permissions vulnerability

2005-04-13 Thread Martin Pitt
Hi Imran! Imran Ghory [2005-04-04 20:57 +0100]: > Vulnerable software > > > gzip 1.2.4 and 1.3.3 and previous versions running on unix. > > Vulnerability > == > > If a malicious local user has write access to a directory in which a > target user is using gzip to

Bug#303927: gzip TOCTOU file-permissions vulnerability

2005-04-12 Thread Martin Pitt
Hi Imran! Imran Ghory [2005-04-04 20:57 +0100]: > Vulnerable software > > > gzip 1.2.4 and 1.3.3 and previous versions running on unix. > > Vulnerability > == > > If a malicious local user has write access to a directory in which a > target user is using gzip to