| New User, Welcome! Login |
Derek Martin
> || Now user2 is expected to be able to have read-access to the file via
> || (he opened it in step 2). If he attempts to write with ">&4" then it
> || silently fails (on Linux, anyway). But access via /proc/$$/fd/4 allows
> || write access.
>
> On Sat, Oct 24, 2009 at 01:46:17AM -0500, Derek Martin wrote:
>
> || That said, the user in the example already has access to the file (in
> || a running process), and would be able to do so again, *if he had
> || access to a directory where the file was hard-linked*. Pavel
> || described that the sysadmin checked for that, but even if this worked
On 2009-10-24 Derek Martin wrote:
> 1. It circumvents the fact that to write to a file, you MUST be able
> to write to its directory, so that the file attributes can be updated.
Wrong, because the file's attributes aren't stored in the directory, but
in the respective inode.
Regards
Ansgar Wiechers
--
On Mon, Oct 26, 2009 at 07:37:38PM +0100, Ansgar Wiechers wrote:
> On 2009-10-24 Derek Martin wrote:
> > 1. It circumvents the fact that to write to a file, you MUST be able
> > to write to its directory, so that the file attributes can be updated.
>
> Wrong, because the file's attributes aren't stored in the directory, but
> in the respective inode.
Ah, sorry, you're right, but if (as in the example) the user has no
permissions on the directory, he normally won't be able to write to
|| Now user2 is expected to be able to have read-access to the file via
|| (he opened it in step 2). If he attempts to write with ">&4" then it
|| silently fails (on Linux, anyway). But access via /proc/$$/fd/4 allows
|| write access.
On Sat, Oct 24, 2009 at 01:46:17AM -0500, Derek Martin wrote:
|| That said, the user in the example already has access to the file (in
|| a running process), and would be able to do so again, *if he had
|| access to a directory where the file was hard-linked*. Pavel
|| described that the sysadmin checked for that, but even if this worked
On Tue, Oct 27, 2009 at 03:34:04PM -0500, Derek Martin wrote:
> $ mkdir foo
> $ cd foo
> $ echo hi > bar
> $ ls -la
> total 12
> drwxr-xr-x 2 user1 group1 4096 2009-10-27 16:22 ./
> drwx------ 57 user1 group1 4096 2009-10-27 16:22 ../
> -rw-r--r-- 1 user1 group1 3 2009-10-27 16:22 bar
> $ chmod 000 .
On Tue, May 08, 2012 at 12:24:52PM -0500, Derek Martin wrote:
> Henrik Erkkonen has discovered that, through clever manipulation of
> environment variables on the ssh command line, it is possible to
> circumvent rssh. As far as I can tell, there is no way to effect a
> root compromise, except of course if the root account is the one
> you're attempting to protect with rssh...
>
> This project is old, and I have no interest in continuing to maintain
> it.
|
|
|
