Re: [Full-Disclosure] FAT32 input > output = null?
- To: chris <chris@xxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] FAT32 input > output = null?
- From: Chris Palmer <chris@xxxxxxx>
- Date: Wed, 7 Apr 2004 16:19:00 -0700

chris writes:

> This also works with the 2.4.24 Linux kernel (Slackware 9.1):

It's the shell, not the kernel. When you say "./foo > ./foo", the shell
interprets "> ./foo" FIRST and does something like open("foo", O_TRUNC |
O_CREAT).

Take a look at any Unix shell document and the open(2) man page -- this
is old, known, documented behavior. It may violate the principle of
least surprise, but it's not a vulnerability in the proper sense.

--
Chris Palmer
Staff Technologist, Electronic Frontier Foundation
415 436 9333 x124 (desk), 415 305 5842 (cell)
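
The ordering described in the message above, shown as an added example that is not part of the original post: the same redirect run plainly, under the shell's noclobber option, and through a temp file plus rename. The function names, the scratch directory and the 21-byte script are constructed for the demo, and "sh foo > foo" stands in for "./foo > ./foo" so it does not depend on execute permission in the temp directory.

```shell
#!/bin/sh
# Added illustration; file names and contents are constructed for the demo.
# "sh foo > foo" stands in for "./foo > ./foo"; the redirection is identical.

# Size of a file in bytes.
size_of() { wc -c < "$1" | tr -d ' '; }

# Create a scratch directory holding a 21-byte script named foo.
new_case() {
    d=$(mktemp -d) || exit 1
    printf '#!/bin/sh\necho hello\n' > "$d/foo"
}

# 1. Plain redirect: the shell opens foo with truncation before the command
#    starts, so the command finds an empty file and foo stays empty.
demo_truncate() {
    new_case
    sh "$d/foo" > "$d/foo"
    size_of "$d/foo"; rm -rf "$d"
}

# 2. noclobber (set -C): ">" refuses to open an existing file, the command
#    is never run, and foo keeps its contents.
demo_noclobber() {
    new_case
    ( set -C; sh "$d/foo" > "$d/foo" ) 2>/dev/null || true
    size_of "$d/foo"; rm -rf "$d"
}

# 3. Temp file then rename: foo is replaced only after the command has
#    finished reading it, so it ends up holding the output ("hello\n").
demo_tempfile() {
    new_case
    sh "$d/foo" > "$d/foo.new" && mv "$d/foo.new" "$d/foo"
    size_of "$d/foo"; rm -rf "$d"
}

echo "plain redirect:      $(demo_truncate) bytes left in foo"
echo "with noclobber:      $(demo_noclobber) bytes left in foo"
echo "temp file + rename:  $(demo_tempfile) bytes left in foo"
```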