On 18:42 Wed 13 Aug , Brian May wrote:
> Dmitry E. Oboukhov wrote:
>> qemu makes mount the directory /tmp/mount.$$. Attacker creates many
>> symlinks /tmp/dir.\d+ -> /etc and if qemu
>> (/usr/sbin/qemu-make-debian-root) starts then /etc goes
>> out from root directory tree. The result: system is unusable.
>>
> I might be dense, but I don't get this.
> Attacker does:
> root@andean:/tmp# ln -s /etc /tmp/mount-1234
> Then the genuine user does:
> root@andean:/tmp# mkdir /tmp/mount-1234
> mkdir: cannot create directory `/tmp/mount-1234': File exists
> strace shows:
> mkdir("/tmp/pmount-1234", 0777) = -1 EEXIST (File exists)
> So, ok, this means the process can't continue any more (denial of
> service attack), and if the process does continue this is a problem,
> otherwise I can't see how this would bring the entire system down.
> Brian May
yes, set -e directive is present in this script :)
of cource
the report is needed to be verified by hand
for make separate by severity levels :)
I'll added few directives for check verifying scripts for 'set -e' :)
--
... mpd is off
. ''`. Dmitry E. Oboukhov
: :’ : unera@debian.org
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
`- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
Attachment:
signature.asc
Description: Digital signature