Timeline for Code Vulnerability in Shell script
Current License: CC BY-SA 3.0
3 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Sep 18, 2015 at 21:59 | comment | added | Ángel |
Can we call an 'infinite long race condition' a race condition? Not really, that's why I called it a “race condition with no race”. The point is that they intended it as a race condition. If instead of /tmp it was a world-readable folder, you would have to exploit the race condition.
|
|
| Sep 18, 2015 at 11:19 | comment | added | goteguru |
Can we call an 'infinite long race condition' a race condition? Where is the race? However, because there is no chown just chmod and the file got never deleted, the attacker simply creates /tmp/shadowcopy beforehand and that's all. He will be the owner forever. chmod 600 wont help too much.
|
|
| May 13, 2015 at 23:42 | history | answered | Ángel | CC BY-SA 3.0 |