This is the mail archive of the
cygwin-xfree@cygwin.com
mailing list for the Cygwin XFree86 project.
Re: Logfile symlink vulnerability
- From: Alexander Gottwald <alexander dot gottwald at s1999 dot tu-chemnitz dot de>
- To: cygwin-xfree at cygwin dot com
- Date: Mon, 22 Mar 2004 10:22:28 +0100 (MET)
- Subject: Re: Logfile symlink vulnerability
- References: <405DE40B.7040101@tromer.org>
- Reply-to: cygwin-xfree at cygwin dot com
On Sun, 21 Mar 2004, Eran Tromer wrote:
> Hi,
>
> If /tmp/XWin.log is a symlink, XWin will merrily follow it and write to
> whatever it's pointing to (see LogInit() in os/log.c). This allows
> standard symlink-following attacks.
>
> Some possible fixes:
> * Place the logfile somewhere in the user's home directory.
The log may get quite big and starts trashing the homedirectory.
> * Refuse to follow symlinks, or to write to existing files. Most users,
> failing to clean up logs, will not get new logs after the first failure.
What about removing the file before opening it for writing?
> * Give the logfile a unique filename, a la the "uniq" utility.
Not an option. For support reasons we require a uniqe name on all systems
so we can tell them to send in /tmp/XWin.log.
bye
ago
--
Alexander.Gottwald@s1999.tu-chemnitz.de
http://www.gotti.org ICQ: 126018723