------------------------------------------------------------- Title: Silly hardlink vulnerability in UNIX 'script' command Linux version maintainer: Andries Brouwer (Andries.Brouwer@cwi.nl) Bug found by: Marco van Berkum (m.v.berkum@obit.nl) Date: 17-12-2001 Priority: low ------------------------------------------------------------- Script command -------------- The script command which is part of the util-linux package (all UNICES are vulnerable, not only linux) contains a silly hardlink vulnerability which could overwrite any file on the harddisk. Script is a tool to save terminal sessions for later reference. By default script creates a file called typescript for its log. The problem ----------- Very simple, script (when executed as root) overwrites hardlinks that could be set by any user to any file on the harddisk. For instance, a malicious user can place a hardlink 'typescript' to /etc/passwd (or any other file) in his home directory. If the root user would execute script in that directory it would cause script to overwrite that file. Script does check for symlinks and asks if the symlink should be overwritten, it lacks checking hardlinks. Priority -------- Low, its not likely that root users execute script in a user's home directory. They could though, its a minor problem that must be fixed for that reason. Fix --- The util-linux maintainer was notified and fixed the problem in the next version. Still, all UNICES seem to have this problem. Just my 2 cents, Marco van Berkum -- _________________________________________________________________ | Marco van Berkum | m.v.berkum@obit.nl | 'Error #152 | | Security Engineer | MB17300-RIPE | Windows not found | | Network Admin | http://ws.obit.nl |(C)heer (P)arty (D)ance'| -----------------------------------------------------------------