Comment 20 for bug 357024
Revision history for this message
| Stephane Chazelas (stephane-chazelas) wrote Re: [Bug 357024] Re: security hole in /etc/cron.daily/apport | #20 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
9199653
demo site
(Get the code!)
2009-04-15 20:39:32 -0000, Jamie Strandboge:
> Marked as 'Low' based on the attack vector being limited to a timing-
> based symlink attack. Will update as needed as the impact is further
> evaluated.
[...]
It's a:
if (condition) action
race condition where there's an easy and obvious way (there
might be even simpler ways I've not thought of) for an attacker
to make the window for the race condition as large as he wishes,
so I wouldn't really call it a "timing based" one.
It's really a classical one which looks just like the poor
"cleaning /tmp scripts" found on some systems. I just found out
there's even a lengthy section about that in GNU find
documentation:
info find 'Security Considerations'
--
Stephane