linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Ben Collins <bcollins@debian.org>
To: Larry McVoy <lm@work.bitmover.com>,
	"David S. Miller" <davem@redhat.com>,
	lm@bitmover.com, pavel@suse.cz, davej@suse.de,
	linux-kernel@vger.kernel.org
Subject: Re: Bitkeeper licence issues
Date: Tue, 19 Mar 2002 18:56:47 -0500	[thread overview]
Message-ID: <20020319235647.GD20722@blimpo.internal.net> (raw)
In-Reply-To: <20020319002241.K17410@suse.de> <20020319220631.GA1758@elf.ucw.cz> <20020319152502.J14877@work.bitmover.com> <20020319.152759.06816290.davem@redhat.com> <20020319154436.N14877@work.bitmover.com>

On Tue, Mar 19, 2002 at 03:44:36PM -0800, Larry McVoy wrote:
> On Tue, Mar 19, 2002 at 03:27:59PM -0800, David S. Miller wrote:
> >    From: Larry McVoy <lm@bitmover.com>
> >    Date: Tue, 19 Mar 2002 15:25:02 -0800
> > 
> >    Come on Pavel, in order to make this happen, you have to
> >    
> >    	a) run the installer as root
> >    	b) know the next pid which will be allocated
> >    	c) put the symlink in /tmp/installer$pid
> >    
> > Exploit: Make all 65535 $pid simlinks
> > 
> > It's very exploitable actually, and is similar in vein to
> > all the ancient mktemp stuff.
> 
> Hey Dave, are you suggesting that no such exploits exist in Red Hat's 
> rpm system?  In order for that to be true, rpm would have to be making
> sure that each and every directory along any path that it writes is
> not writable except by priviledged users.  I just checked, it doesn't.

That's because the admin would have had to change those perms on
purpose, which means they left themselves open to the attack.

Larry, check bugtraq archives. You'll see mounds of these types of
exploitable problems. All of them very serious.

> At some point, people get to take responsibility for their own choices.

Then just admit it was a bad thing and leave it be? :) Come on, it was a
mistake, and a very common one. Just don't make it out to be less than
what it is.

-- 
 .----------=======-=-======-=========-----------=====------------=-=-----.
/       Ben Collins    --    Debian GNU/Linux    --    WatchGuard.com      \
`          bcollins@debian.org   --   Ben.Collins@watchguard.com           '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'

  parent reply	other threads:[~2002-03-20  0:01 UTC|newest]

Thread overview: 55+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-03-18 21:26 Bitkeeper licence issues Pavel Machek
2002-03-18 22:42 ` Larry McVoy
2002-03-18 23:14   ` Pavel Machek
2002-03-18 23:22     ` Dave Jones
2002-03-18 23:43       ` Pavel Machek
2002-03-19  8:35         ` Rik van Riel
2002-03-19  2:02       ` Larry McVoy
2002-03-19  8:21         ` Gerd Knorr
2002-03-19 15:11           ` Larry McVoy
2002-03-19 21:58         ` Pavel Machek
2002-03-19 22:04           ` Larry McVoy
     [not found]         ` <20020319215800.GN12260@atrey.karlin.m__.cuni.cz>
2002-03-20 22:42           ` Ton Hospel
2002-03-19 22:06       ` Pavel Machek
2002-03-19 23:25         ` Larry McVoy
2002-03-19 23:27           ` David S. Miller
2002-03-19 23:44             ` Larry McVoy
2002-03-19 23:45               ` David S. Miller
2002-03-19 23:54                 ` Matthew Kirkwood
2002-03-19 23:56               ` Ben Collins [this message]
2002-03-20 17:23               ` Martin Dalecki
2002-03-20 17:51                 ` Alan Cox
2002-03-20 18:04                   ` Martin Dalecki
2002-03-20 20:34                     ` Neil Booth
2002-03-19 23:34           ` Tom Rini
2002-03-20  0:09             ` Alan Cox
2002-03-24 11:44             ` Thunder from the hill
2002-03-20  7:57           ` Alexander Viro
2002-03-19  0:00     ` yodaiken
2002-03-19  1:29       ` David S. Miller
2002-03-19  1:18   ` Roman Zippel
2002-03-19  1:37     ` David S. Miller
2002-03-19 18:42       ` Roman Zippel
2002-03-19 19:09         ` Alan Cox
2002-03-19 20:01           ` Shane Nay
2002-03-19 23:08           ` Rik van Riel
2002-03-19 23:19             ` Robert Love
2002-03-19 23:26               ` Rik van Riel
2002-03-19 23:42                 ` Davide Libenzi
2002-03-19 23:31             ` yodaiken
2002-03-19 23:47               ` Larry McVoy
2002-03-20  0:02                 ` Thomas Dodd
2002-03-20  0:19                 ` Theodore Tso
2002-03-20  0:57                   ` Petko Manolov
2002-03-21 19:44                 ` Mark H. Wood
2002-03-21 20:29                   ` Shane Nay
2002-03-27 14:40                 ` Henning P. Schmiedehausen
2002-03-20  0:05               ` James Simmons
2002-03-19 20:35                 ` Andreas Dilger
2002-03-20  0:14                 ` Kurt Ferreira
2002-03-20  2:16                   ` Greg Hennessy
2002-03-20  0:57             ` Richard Gooch
2002-03-21 19:14           ` Roman Zippel
2002-03-21 20:54             ` Alan Cox
2002-03-22  0:02               ` Roman Zippel
2002-03-19  1:44     ` Anton Altaparmakov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20020319235647.GD20722@blimpo.internal.net \
    --to=bcollins@debian.org \
    --cc=davej@suse.de \
    --cc=davem@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lm@bitmover.com \
    --cc=lm@work.bitmover.com \
    --cc=pavel@suse.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).