Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an id iot, and you don't even know it)

From: Dennis Peterson <dennispe_at_nospam>
Date: Thu Jan 03 2008 - 16:46:49 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

Rob MacGregor wrote:
> On Jan 3, 2008 4:09 PM, Dennis Peterson <dennispe@inetnw.com> wrote:
>> The success of this requires a bit of serendipity as well. If for reasons of >> convenience the new TMPDIR is globally writeable then nothing has been accomplished >> which is why a global TMPDIR declaration is pointless.
>
> Well, yes and no. Let's take the following case:
>
> 1) You're using software which creates then executes a temporary file
> as .progname.day-of-month
> 2) The attacker knows this and has a remote attack to populate this
> file in /tmp to give themselves root access
> 3) You've globally defined TMPDIR to be /tmp/42/
> 4) Attack fails
>
> Ok, it doesn't help against a local attacker (and then you're in
> trouble anyway), but against any remote attack making assumptions
> about the location of temporary files it has some value.
>
> Besides, I made no statement about global declarations ;)
>

If 2) is true then 1), 3), and 4) are irrelevant.

Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html

This message: [ Message body ]
Next message: Jan-Pieter Cornet: "Re: [Clamav-users] TK53 Advisory #2: Multiple vulnerabilities in ClamAV"
Previous message: Paul Kosinski: "Re: [Clamav-users] Tomasz, you're an idiot, and you don't even know it"
In reply to: Rob MacGregor: "Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an id iot, and you don't even know it)"
Next in thread: Mark: "Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an id iot, and you don't even know it)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]