search for: notatla

...due to the > winner being the first one to win the "race." Basically, if your program > checks permissions and then decides to do something with the information > it gathered, then does it, it will be vunerable to a race. A fairly crude way of checking for this is at http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/scanner-1.0b.tar.gz Better to think about how you write the code though. > To handle this, you must put in a lot of thought. Generally, a file > operation is a serial resource that is being used in a multitasking > environment. The traditional ways to deal...

..., 0666); 2848 2849 if ((fd < 0) && (errno == EEXIST)) 2850 { 2851 free (redirectee_word); 2852 return (NOCLOBBER_REDIRECT); 2853 } 2854 } 2855 else 2856 { -- ############################################################## # Antonomasia ant@notatla.demon.co.uk # # See http://www.notatla.demon.co.uk/ # ##############################################################

...ink setuid programs should try to sanitize their environment: that will make them more complex and error-prone. Moreover it won''t help. The disk could be full after writing the tempfile halfway. -- REW] -- ############################################################## # Antonomasia ant@notatla.demon.co.uk # # See http://www.notatla.demon.co.uk/ # ##############################################################

Hi, I am building my own TCP daemon for easing some routine admin stuff... I am no expert on security,. I would really appreciate it if someone sent me some pointers to writing TCP daemons that are hacker-proof( i know there is nothing like that...but I do not want to be making mistakes in coding that are well known.. ;) The daemon runs as root....so that is why I am woried.... Thx, Arni

...task[1]->fs->root, sizeof(struct inode))) { And what would be the best response to a failure ? I'm logging and sending a SIGKILL, but I suspect that's not ideal. -- ############################################################## # Antonomasia ant@notatla.demon.co.uk # # See http://www.notatla.demon.co.uk/ # ##############################################################

...@redhat.com>; Wed, 1 Dec 1999 10:29:34 -0500 Received: from localhost (trevor@localhost) by blues.jpj.net (right/backatcha) with SMTP id KAA14912; Wed, 1 Dec 1999 10:29:30 -0500 (EST) Date: Wed, 1 Dec 1999 10:29:30 -0500 (EST) From: Trevor Johnson <trevor@jpj.net> To: Antonomasia <ant@notatla.demon.co.uk> cc: linux-security@redhat.com Subject: [linux-security] Re: Programming .... In-Reply-To: <199911271503.PAA00680@notatla.demon.co.uk> Message-ID: <Pine.BSI.3.96.991201102657.13146H-100000@blues.jpj.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Status:...