On Fri, 16 Nov 2012 08:43:20 +0000 David Laight <david%l8s.co.uk@localhost> wrote: > On Thu, Nov 15, 2012 at 04:02:50PM -0500, Thor Lancelot Simon wrote: > > > > Look at that rationale carefully and I think you will see the race > > condition that it does not eliminate. Talk about a "solution > > looking for a problem"! > > You could create a temporary file, unlink it, copy the executable > into the new file, verify the the contents, and then exec the > unlinked temporary file. What you've done here is increase the complexity of the attack (win two races instead of one) but not eliminate it. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012%jry.me@localhost>
Attachment:
signature.asc
Description: PGP signature