From: Florian Weimer <fw@deneb.enyo.de>
Subject: Re: ACT announces availability of GNAT 3.14p
Date: Sun, 10 Feb 2002 20:23:50 +0100
Message-ID: <87n0yhf8e1.fsf@deneb.enyo.de>
In-Reply-To: 5ee5b646.0202101038.68b3b71f@posting.google.com

dewar@gnat.com (Robert Dewar) writes:

> We are of course aware of this bug report which was retired
> some time ago (but after 3.14p was frozen), but "security
> defect" is rather extreme considering how this is used.
> You can always use scary language like this to talk about
> anything, but it is a bit over the top in this case!

No, it isn't.

/tmp is shared on multi-user UNIX systems, and if a malicious local
user creates a symbolic link with a suitable name at the right time,
the output which is supposed to be written into a newly-created
temporary file is redirected to a different file instead, which can
have devastating effects (suppose that /etc/passwd is overwritten, for
example).

For many different pieces of software, it has been demonstrated over
and over again that such attacks are indeed possible, so this is not
just a theoretical issue. (BTW, this is also true for the buffer
overflow bug in the current FSF sources I reported for the second or
third time.)

A random sample of similar problems:

http://www.kb.cert.org/vuls/id/426273
http://www.kb.cert.org/vuls/id/626919
http://www.cert.org/vendor_bulletins/VB-97.05.lynx
http://www.ciac.org/ciac/bulletins/l-084.shtml
http://www.securityfocus.com/bid/3135
http://www.securiteam.com/unixfocus/5XP0M2A4BU.html
http://cert.uni-stuttgart.de/archive/win-sec-ssc/2000/09/msg00012.html
http://www.insecure.org/sploits/sam.hpux.race.html

> And if you think there is a "security defect" in the current version
> (I disagree), you should report it (to
> GNATS or report@gnat.com).

I have nothing to add to the old bug report. I think it contains all
the relevant information.
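
The symlink redirection described in the message above, replayed as an added example that is not part of the original post and is not GNAT code: a predictable temporary name opened without exclusive creation, next to the O_CREAT|O_EXCL form that refuses the planted link. The function names, the `tool.tmp` file name and the scratch directory are assumptions made for the illustration; everything happens inside a private directory created by mkdtemp().

```c
#define _XOPEN_SOURCE 700            /* for mkdtemp(), symlink() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe: a predictable name opened without O_EXCL follows a planted symlink
   and truncates whatever it points to. */
static int open_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Safe: with O_CREAT|O_EXCL, open() fails with EEXIST if anything, even a
   symlink, already occupies the name. mkstemp() creates its file this way. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Replays the scenario inside a private scratch directory (constructed
   stand-in for the shared /tmp). Returns 1 if the "victim" file was
   overwritten, 0 if it survived, -1 on setup failure. */
int victim_clobbered(int use_excl) {
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    char victim[64], tmpname[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmpname, sizeof tmpname, "%s/tool.tmp", dir);

    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("important data\n", f);                  /* 15 bytes */
    fclose(f);
    if (symlink(victim, tmpname) != 0) return -1;  /* link already in place */

    int fd = use_excl ? open_exclusive(tmpname) : open_naive(tmpname);
    if (fd >= 0) { ssize_t n = write(fd, "x", 1); (void)n; close(fd); }
    int clobbered = (stat(victim, &st) != 0 || st.st_size != 15);
    unlink(tmpname); unlink(victim); rmdir(dir);
    return clobbered;
}

int main(void) {
    printf("naive open:     victim clobbered = %d\n", victim_clobbered(0));
    printf("exclusive open: victim clobbered = %d\n", victim_clobbered(1));
    return 0;
}
```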