Re: gpilotd & corba

On Thu, 17 Sep 1998, Michael Fulbright wrote:

> What if you go in and make a link from /var/spool/gpilotd/drmike a file

But /var/spool/gpilotd is write-only for root or whoever the admin gpilotd
is. So you can't even rename your own spool directory.

> This is my understanding of this attack. I think there are other possible 
> ways to take advantage of being able to predict the name of a file
> which is created in a publicly writable area.

Yes, thats the classic /tmp attack, which also lets you devastate peoples
files if their compiler uses /tmp with a more or less fixed name .


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]