Linux and world-writable /tmp - UPDATE (fwd)
[Aleph One: if you already accepted previous post, reject this one.]
[I had problems with given URL so I decided to post module again.]

Thanks for interesting feedback on first release of RedTmp. James Youngman <JYoungman@xxxxxxxxx> pointed out problems with suid programs <-> user end communication (crontab, Xwindows, etc), and problems with su when TMPDIR is set and exported. I fixed problems, now module can be safely installed and should work just fine. Version 0.3 is attached to this post, and also can be downloaded from:

http://rast.lodz.pdi.net/~lcamtuf/pliki/redtmp.zip

Currently, it shouldn't cause any problems with su sessions even if TMPDIR is exported from privileged to unprivileged account; also, there are no more problems with suid daemons/servers/mailers ;-)

Changes in release 0.3:

+ cute 'su' detection (by checking environmental variables order).
+ if file is present in /tmp but not present in redirected dir (eg. it's suid X server socket or crontab temp file), it's opened instead.
+ verify_area(...) - huh, forgive me :-)

_______________________________________________________________________
Michal Zalewski [lcamtuf@xxxxxxxxxxxxxxxxxxx] <= finger for pub PGP key
To iterate is human, to recurse, divine [P. Deutsch]
[echo "\$0&\$0">_;chmod +x _;./_] <=------=> [tel +48 (0) 22 813 25 86]
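
The fallback rule from the 0.3 changelog above (a file present in /tmp but absent from the redirected directory is opened in place), sketched in user-space C as an added example; it is not RedTmp's code and not part of the original post. The function names, the scratch directory names and the use of `lstat()` as the presence test are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Map SHARED/name to REDIR/name unless name exists only under SHARED.
 * Returns 1 = redirected, 0 = fell back to the shared copy, -1 = rejected. */
int resolve_tmp(const char *shared, const char *redir, const char *path,
                char *out, size_t outlen)
{
    char cand[4096];
    struct stat st;
    size_t n = strlen(shared);
    /* Only paths below SHARED qualify; refuse components starting with "..". */
    if (strncmp(path, shared, n) != 0 || path[n] != '/' || strstr(path + n, "/.."))
        return -1;
    if ((size_t)snprintf(cand, sizeof cand, "%s%s", redir, path + n) >= sizeof cand)
        return -1;
    /* Assumption: lstat() is the presence test, so a symlink itself counts. */
    int fallback = lstat(cand, &st) != 0 && lstat(path, &st) == 0;
    if ((size_t)snprintf(out, outlen, "%s", fallback ? path : cand) >= outlen)
        return -1;
    return fallback ? 0 : 1;
}

static void touch(const char *dir, const char *name)
{
    char p[4096];
    snprintf(p, sizeof p, "%s/%s", dir, name);
    FILE *f = fopen(p, "w");
    if (f) fclose(f);
}

/* Constructed scenario; packs three results as digits: shared-only, both, neither. */
int demo(void)
{
    char shared[] = "/tmp/rt-sharedXXXXXX", redir[] = "/tmp/rt-redirXXXXXX";
    const char *names[] = { "suid-socket", "both", "fresh" };
    char in[4096], out[4096];
    int packed = 0;
    if (!mkdtemp(shared) || !mkdtemp(redir)) return -1;
    touch(shared, names[0]); touch(shared, names[1]); touch(redir, names[1]);
    for (int i = 0; i < 3; i++) {
        snprintf(in, sizeof in, "%s/%s", shared, names[i]);
        packed = packed * 10 + resolve_tmp(shared, redir, in, out, sizeof out);
    }
    return packed;   /* 0, 1, 1 */
}
int main(void) { printf("%d\n", demo()); return 0; }
```

Under this rule, the shared copy is used whenever the private one is absent, so a name that exists only in the world-writable directory is still what the caller opens.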