Svoboda | Graniru | BBC Russia | Golosameriki | Facebook

To install click the Add extension button. That's it.

The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time.

How to transfigure the Wikipedia

Would you like Wikipedia to always look as professional and up-to-date? We have created a browser extension. It will enhance any encyclopedic page you visit with the magic of the WIKI 2 technology.

Try it — you can delete it anytime.

Install in 5 seconds
4,5
Kelly Slayton
Congratulations on this excellent venture… what a great idea!
Alexander Grigorievskiy
I use WIKI 2 every day and almost forgot how the original Wikipedia looks like.
Live Statistics
English Articles
Improved in 24 Hours
Added in 24 Hours
Languages
Recent
Show all languages
What we do. Every page goes through several hundred of perfecting techniques; in live mode. Quite the same Wikipedia. Just better.
Great Wikipedia has got greater.
.
Leo
Newton
Brights
Milds

Symlink race

From Wikipedia, the free encyclopedia

A symlink race is a kind of software security vulnerability that results from a program creating files in an insecure manner.[1] A malicious user can create a symbolic link to a file not otherwise accessible to them. When the privileged program creates a file of the same name as the symbolic link, it actually creates the linked-to file instead, possibly inserting content desired by the malicious user (see example below), or even provided by the malicious user (as input to the program).

It is called a "race" because in its typical manifestation, the program checks to see if a file by that name already exists; if it does not exist, the program then creates the file. An attacker must create the link in the interval between the check and when the file is created.

A symlink race can happen with antivirus products that decide they will quarantine or delete a suspicious file, and then go ahead and do that. During the interval between decision and action, malicious software can replace the suspicious file with a system or antivirus file that the malicious software wants overwritten.[2]

Example

In this naive example, the Unix program foo is setuid. Its function is to retrieve information for the accounts specified by the user. For "efficiency", it sorts the requested accounts into a temporary file (/tmp/foo naturally) before making the queries.

The directory /tmp is world-writable. Malicious user Mallory creates a symbolic link to the file /root/.rhosts named /tmp/foo. Then, Mallory invokes foo with user as the requested account. The program creates the (temporary) file /tmp/foo (really creating /root/.rhosts) and puts information about the requested account (e.g. user password) in it. It removes the temporary file (merely removing the symbolic link).

Now the /root/.rhosts contains password information, which (if it even happens to be in the proper format) is the incantation necessary to allow anyone to use rlogin to log into the computer as the superuser.

In some Unix-systems there is a special flag O_NOFOLLOW for open(2) to prevent opening a file via a symbolic-link (dangling or otherwise) and has become standardized in POSIX.1-2008.

Workaround

The POSIX C standard library function mkstemp can be used to safely create temporary files. For shell scripts, the system utility mktemp(1) does the same thing.

References

  1. ^ "CAPEC-27: Leveraging Race Conditions via Symbolic Links". CAPEC.
  2. ^ "Symlink race bugs discovered in 28 antivirus products". ZDNet.
Stub icon

This Unix-related article is a stub. You can help Wikipedia by expanding it.

This page was last edited on 9 June 2024, at 08:43
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.
Contact WIKI 2
Introduction
Terms of Service
Privacy Policy