netperf security problem

Andrew W. Flury (aflury@nas.nasa.gov)
Wed, 18 Nov 1998 13:57:54 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrew W. Flury: "netperf security problem"
Previous message: Kevin M. Joyce: "Re: udp sockets !!"

In netperf-2.1pl3, netserver will follow symlinks when it creates its debug log
file (/tmp/netperf.debug by default). If somebody created a symlink from
/tmp/netperf.debug to some file you have write access to, the file will be
truncated. That's probably not a good thing. :) BTW, why is the unlink()
commented out? That wouldn've at least solved the problem if you were running
netserver as root (although that's not a great idea either) ;) Anyway,
something along these lines should fix it..

--- netserver.c Wed Apr 9 11:02:13 1997
+++ netserver.c Wed Nov 18 13:34:28 1998
@@ -540,8 +540,11 @@
}
}

-/* unlink(DEBUG_LOG_FILE); */
-
+ if (remove(DEBUG_LOG_FILE) < 0) {
+ perror("netserver: debug file");
+ exit(1);
+ }
+
if ((where = fopen(DEBUG_LOG_FILE, "w")) == NULL) {
perror("netserver: debug file");
exit(1);

--

Next message: Andrew W. Flury: "netperf security problem"
Previous message: Kevin M. Joyce: "Re: udp sockets !!"