[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security hole



> > a) the directory containing the file is writable by all (777)
> > b) the user has a read access (?!)
> 
> Is this the only cases these problems occur?

Yes, I believe so.

> > It took me a while before I found a couple of mezozoic kernels to be sure
> > this problem is not a 1.14.x related problem. It is not (a 1.12 allows the
> > same).
> 
> 1.14's fshandling is the the same as 1.12's.

Uhm, yes, but remember my 1.14.x kernel is compiled using gcc 2.7.2 and
the README says any gcc version past the 2.3.3 may cause troubles with
procfs etc. That's why I tested earlier kernels.

> I think these problems are very easily corrected and they are probably
> in MiNT's fs handling. Just pinpoint how the problems occur and look
> in the code that handle file removal.

Yes, now I want to research some things before I start to put my hands to
the MiNT code...

Konrad M.Kokoszkiewicz

mail:draco@nidus.mi.com.pl
     draco@irc.pl
     draco@piwo.bl.pg.gda.pl
     conradus@avanti.orient.uw.edu.pl
     conradus@plearn.edu.pl
     draco@nuova.id.uw.edu.pl
http://www.orient.uw.edu.pl/~conradus/
 IRC:[Draco]

*** Ea natura multitudinis est,
*** aut servit humiliter, aut superbe dominatur.
*************************************************
*** U pospolstwa normalne jest, ze albo sluzy ono
*** unizenie, albo bezczelnie sie panoszy.
                                           (Liv. XXIV, 25)