On Fri, Jul 25, 2008 at 4:57 PM, Steven M. Christey <[EMAIL PROTECTED]> wrote:
>
> On Fri, 25 Jul 2008, Jan Minář wrote:
>
>> > The commands do not have to be written there between (1) and (2), they
>> > can be in the file long before the ./configure was started -- just
>> > because the script does care whether it can write to the file at all.
>> > So unlike stated in the advisory, and in CVE-2008-3294, the issue does
>> > not involve a race condition if the attacker would choose to create a
>> > 644 file.
>>
>> The file gets truncated in (1). You're wrong, the advisory is right.
>
> Maybe the point here is that if the attacker owns the file and sets 644
> permissions, then the truncation won't happen since ./configure won't have
> the permissions to modify the file.

I stand corrected. I have updated the advisory. Thanks, Robert. Thanks to Steven for rephrasing.

Jan.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/