On Wed, 6 Apr 2005, Imran Ghory wrote: > If a malicious local user has write access to a directory in which a > target user is using mkdir/mknod/mkfifo with the -m (mode setting > option) to create a file then a race condition bug can be exploited to > make the change of permission apply to any file belonging to that > user. ...and the next step will be an advisory about a race condition in chmod itself? Or, to be more precise, in the use of chmod, i.e. between the moment the user looks at the file and decides to change its attributes and the moment the change is done. And what about a nasty vulnerability in the shell making it possible to overwrite an arbitrary file of yours when you use ">" on a file in a directory writeable by other users? Not to mention hundreds of other programs being able to rewrite or modify existing files. Don't take me wrong: I understand there is a problem out there. But I am afraid its roots are much deeper than "there is a race condition in utility xyz". --Pavel Kankovsky aka Peak
