Please guide me if you know any special case like this:
Let's look at a historic case of a TOCTOU problem (introduced in [Bishop, 1996]): a broken version of the passwd command on SunOS and HP/UX machines. The UNIX utility program passwd allows someone to change a password entry, usually their own. In this particular version of the program, passwd took the name of a password file to manipulate as one of its parameters. The broken version of passwd works as follows when the user inputs a passwd file to use:
passwd step 1. Open the password file and read it in, retrieving the entry for the user running the program.
passwd step 2. Create and open a temporary file called ptmp in the same directory as the password file.
passwd step 3. Open the password file again, copying the unchanged contents into ptmp, while updating modified information.
Sendmail contains a race condition caused by the improper handling of asynchronous signals. In particular, by forcing the SMTP server to have an I/O timeout at exactly the correct instant, an attacker may be able to execute arbitrary code with the privileges of the Sendmail process.
abalfazl hossein wrote: Sendmail contains a race condition .... May someone explain more about this?
Did you read the original CERT warning?
I know enough about sendmail and security that I stay as far away from sendmail as possible. I run postfix on my servers, rather than sendmail. Too much of sendmail is layers upon layers of ancient code that no one understands and that no one dare change as so many places use it.
Postfix has all the functionality that 99% of systems need, its control parameters and properties are not obscure and it's easy to set up.
posted 9 years ago
I want to know the details. I want to know how a race condition makes a security hole.
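The gap between steps 1 and 3 of the quoted passwd case, shown as an added example that is not part of the original thread or the cited book: a check made on a file name says nothing about what that name refers to later, so the hardened pattern opens the file once and verifies the object behind the descriptor. The function names, file names and temp directory are hypothetical, and the swap is simulated deterministically inside a private directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened use step: open once, then inspect the object the descriptor is
 * bound to. `before` is an earlier lstat() of the same name (the check).
 * Returns an fd, or -1 if the name no longer refers to the checked file. */
int open_if_unchanged(const char *path, const struct stat *before)
{
    struct stat after;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);   /* refuse a symlink at the final component */
    if (fd < 0) return -1;
    if (fstat(fd, &after) != 0 || !S_ISREG(after.st_mode) ||
        after.st_dev != before->st_dev || after.st_ino != before->st_ino) {
        close(fd);                                /* different object: refuse to use it */
        return -1;
    }
    return fd;
}

static void write_file(const char *path, const char *text)
{
    FILE *f = fopen(path, "w");
    if (f) { fputs(text, f); fclose(f); }
}

/* Constructed scenario. swap != 0 replaces the file between check and use,
 * standing in for a concurrent change made during the race window.
 * Returns 1 if the use step accepted the file, 0 if refused, -1 on setup error. */
int run_scenario(int swap)
{
    char dir[] = "/tmp/toctouXXXXXX", a[64], b[64];
    struct stat checked;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/pwfile", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    write_file(a, "alice:x\n");                   /* constructed sample content */
    write_file(b, "someone-else:x\n");
    if (lstat(a, &checked) != 0) return -1;       /* time of check */
    if (swap && rename(b, a) != 0) return -1;     /* same name, different file */
    int fd = open_if_unchanged(a, &checked);      /* time of use */
    if (fd >= 0) close(fd);
    unlink(a); unlink(b); rmdir(dir);
    return fd >= 0;
}

int main(void) { printf("unchanged=%d swapped=%d\n", run_scenario(0), run_scenario(1)); return 0; }
```

A program that reopens the file by name, as the quoted passwd steps do, has no such comparison and operates on whatever the name points to at that moment.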