tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [PATCH] fexecve



On Fri, 16 Nov 2012 08:43:20 +0000
David Laight <david%l8s.co.uk@localhost> wrote:

> On Thu, Nov 15, 2012 at 04:02:50PM -0500, Thor Lancelot Simon wrote:
> > 
> > Look at that rationale carefully and I think you will see the race
> > condition that it does not eliminate.  Talk about a "solution
> > looking for a problem"!
> 
> You could create a temporary file, unlink it, copy the executable
> into the new file, verify the the contents, and then exec the
> unlinked temporary file.

What you've done here is increase the complexity of the attack (win two
races instead of one) but not eliminate it.


Julian

-- 
3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012%jry.me@localhost>

Attachment: signature.asc
Description: PGP signature



Home | Main Index | Thread Index | Old Index