[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV Alleged Lynx security emergency

From: Scott McGee (Personal)
Subject: Re: LYNX-DEV Alleged Lynx security emergency
Date: Tue, 1 Jul 1997 15:55:24 -0600

Wayne Buttles <address@hidden> wrote:
>On Tue, 1 Jul 1997, Foteos Macrides wrote:
>>      I'm not sure what you mean by "it".  I'm the one who trashed
>> Scott's /dev/null trying out the spoofing LYNXDOWNLOAD: URL running
>> Lynx from a non-privileged account.  Are you saying that an
>>    fd = fopen("/dev/null", "w"); fclose(fd); remove("/dev/null");
>> sequence doing that, if that's it (haven't tried it explicitly :),
>> is normal on Unix, and if not, how did I do it? 
>The following as root will trash /dev/null
>#include <stdio.h>
>  FILE *fd;
>  fd = fopen("/dev/null", "w"); fclose(fd); remove("/dev/null");
>It will also trash /dev/null (on linux) as root su'd to a normal user.  If
>the system you are on gives normal users write access to that file then
>that also may open it up for trashing. 

Ah, after reading this, I did some checking, and Fote's account on SOL is
in the same group as the group ownership on /devices which has group write
permission. Thus, Fote and I could blow away /dev/null (which is a symbolic
link to an entry in /devices) from a normal shell. There is no mysterious
'extra' privileges being granted or required here!


Scott McGee: Salt Lake Community College Webmaster | When in danger,
___________________________________________________| or in doubt,
Email: address@hidden (Scott McGee)         | run in circles,
Web: | scream and shout.
My opinions do not necessarily reflect those of the College. Trust me!
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]