artswrapper's new braces (Re: artswrapper defanged)

Waldo Bastian bastian at
Thu Aug 8 18:42:41 BST 2002

On Wednesday 07 August 2002 08:28 pm, Kevin Puetz wrote:
> There is a (very) slight race in the checking of the permissions on the
> file... however, since the permission being looked for is ownership by
> root, the only user who could make anything of it is root. Since root had
> the right to make the module trusted anyway, this gains no elevation of
> priveledge.

You should use lstat then, otherwise an attacker can make a symlink that 
switches very fast between a root-owned module and a malicious module to 
exploit this race condition.

> The other issue in question is that of a root-owned .la file pointing to
> untrusted code. Since an ordinary user cannot create this exploit, and it
> should not exist in any default installation (the .la files and shared
> objects are created and installed at the same time, by the same user, with
> the same permissions) we did not feel this was an issue.

Are you sure it can't be faked into loading .so files with the same name from 
another location?

bastian at  |   SuSE Labs KDE Developer  |  bastian at

More information about the kde-core-devel mailing list