Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Changes to the filesystem while find is running - comments?

from [Paul Szabo] Network Security [Permanent Link]
Subject: Re: Changes to the filesystem while find is running - comments?
Date: Tue, 23 Nov 2004 12:38:52 +1100 (EST) 
James,


  PARENT=stat(".");
  SUBDIR=stat("subdir");
  chdir("subdir");
  DOT=stat(".");
  if (SUBDIR != DOT) {
    Print warning message    /*[1]*/
  }
  else {
    Go on with find (recurse)
  }
  chdir("..");
  DOT=stat(".");
  if (PARENT != DOT) {
    Print message
    Exit with fatal error
  }


Certainly.  In fact it's how GNU findutils is implemented, except for
the fact that the "warning message" is a fatal error in GNU findutils
releases up to and including 4.2.5.  In later versions (we're
currently at 4.2.7 on ftp://alpha.gnu.org/gnu/findutils) a hack was
introduced to try to support a special case which works when we've
traversed an automount mount point on Solaris).


So, you already do the "where did I get back to after chdir(..)" check?


This algorithm is certainly robust, but it will never descend into an
automount directory hierarchy.  Do you think we can do better than
that without opening the door to more exploits?


Hmm... It would not descend into just-now-changed automounts (and it may
not be able to get back out of them), but it should be able to traverse
reasonably long-lived mounts.

Cheers,

Paul Szabo - psz@maths.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Sun Java Plugin arbitrary package access vulnerability, Ken S
Next by Date:  Windows Mobile Pocket PC Security, kers0r
Previous by Thread:  Re: Changes to the filesystem while find is running - comments?, Martin Buchholz
Next by Thread:  Re: Changes to the filesystem while find is running - comments?, James Youngman
Indexes:  [Date] [Thread] [Top] [All Lists]