Evaluating Windows Security Descriptors.
Volker.Lendecke at SerNet.DE
Wed Dec 19 19:45:21 GMT 2007
On Wed, Dec 19, 2007 at 01:36:58PM -0600, Christopher R. Hertel wrote:
> > Can't be done that way without race conditions. As Volker
> > said, it must be in the kernel.
> Can you identify the race condition for me? I don't know where such a
> problem would manifest itself.
You do the access check in user space, you are swapped out,
someone comes in via posix and changes the file you try to
open for writing to /etc/shadow, and you're in. The old
access after check race condition.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20071219/7670a849/attachment.bin
More information about the samba-technical