[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

Some people wrote to me: your script is bad, it detects qemu, but qemu
is bugfree. 

ok, looking qemu:

qemu makes mount the directory /tmp/mount.$$. Attacker creates many
symlinks /tmp/dir.\d+ -> /etc and if qemu
(/usr/sbin/qemu-make-debian-root) starts then /etc goes
out from root directory tree. The result: system is unusable.

example of script for attacker:

perl -e 'symlink("/etc", "/tmp/mount.$_") for ($$ .. $$ + 10000)'

instead /etc attacker may select any system directory, for example /var,
/usr or even /.

of course I may be mistaken but I don't use qemu, sorry.

... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : unera@debian.org
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537

Attachment: signature.asc
Description: Digital signature

Reply to: