Symlink Vulnerability in TIN – Inert Ramblings

Symlink Vulnerability in TIN

August 25, 1996

Improper handling of /tmp symlinks.

                                                       Monday, August 26, 1996
                                                                 The Litterbox
                                          Sean B. Hamor <[email protected]>
                                                                           TIN

Note:

  I'm not sure whether or not information this has been previously released.
  I found this earlier this evening while poking around, and apologize if
  I've just found an old bug.

  I verified the existence of this bug in TIN 1.2PL2 UNIX.


Synopsis:

  A problem exists in TIN where the .tin_log file in /tmp/ is created mode
  666.  Although this file is usually created the first time a user runs TIN
  and doesn't get deleted, a problem develops if root or the owner of that
  file deletes it while cleaning up /tmp/.

  If /tmp/.tin_log is deleted, a symbolic link may now be put in its place
  and be used to create/modify/delete files the victim has write access to.

Exploit:

  hamors (3 21:00) litterbox:/tmp> ln -s ~root/.rhosts /tmp/.tin_log

Verification:

  This vulnerability has been tested on Linux Slackware 3.0 (1.2.13) with
  TIN 1.2PL2.

EOF

Related Posts

Iron Maiden - Meet our Live Video Director
Iron Maiden is one of my all-time favorite bands, and what truly sets them apart is the astounding production quality of their live shows. The energy they bring to the stage is nothing short of mesmerizing, especially once you catch a glimpse of what goes on behind the scenes!
Google Is Forcing G Suite Legacy Free Edition Accounts To Upgrade To Paid Google Workspace Business Plans
Google Apps for Your Domain was subsequently rebranded as G Suite in 2016, then again rebranded as Google Workspace in late 2020. Multiple rebrands in such a short period of time foreshadowed this year’s shutdown of legacy free edition accounts. And then the announcement emails, articles, and class-action lawsuits started flying.
Understanding Print Sizes, Cropping, and Aspect Ratios When Ordering Photographic Prints
The emotion of a photograph, and the story that image portrays, can change dramatically depending on its aspect ratio, or how it’s been cropped. Many times, cropping a photo to a different aspect ratio is required to remove clutter or unwanted items, such as door frames, power outlets, trash cans, smoke detectors, etc. It’s for […]
Pelham Police Department and Salem Police Department Respond to Frederic Cutter Merriam Conservation Area
Police officers from both the Pelham Police Department and the Salem Police Department responded to a possible emergency in the Frederic Cutter Merriam Conservation Area this afternoon. According to the Pelham Police Department (NH) Facebook page and tip411, Sherburne Road was closed at 12:13 p.m. and reopened at 1:42 p.m.
Photo News and Journalism Roundup for Week Ending Sunday, August 30, 2020
Topics: Be Sure To Get Comprehensive, Itemized Quotes When Working With Local Businesses • Resources for Humans Virtual Conference • America Is Facing a Record Shortage of Poll Workers • Adobe MAX — The Creativity Conference • Adobe Creative Cloud Updates
Be Sure To Get Comprehensive, Itemized Quotes When Working With Local Businesses
My cousin, Brian Hamor, runs Hamor Architecture Associates LLC in Stowe, Vermont. He recently reached out, and asked for PC and monitor upgrade recommendations for AutoCAD, Archicad, Photoshop, and general office tasks.
The Infrastructure Behind Hamor Photography — Introduction: Beware of Business-class and Consumer-grade Internet
If you’re a sole proprietor, or run a small business, then chances are that you’re also your own technical support team. Nowadays, as an entrepreneur, it doesn’t matter what job title you’ve given yourself. You’ll also have to learn how to install and maintain your own network. That is, unless you can afford to hire […]
Daily Photo News and Journalism Roundup for Tuesday, July 28, 2020
Topics: We Hire Bloggers Who Immediately Stop Blogging • AP will continue to lowercase white • Stop Blogging on Medium If You Care About SEO
Daily Photo News and Journalism Roundup for Monday, July 27, 2020
Topics: Photojournalist and veteran combat medic Mike Hastie pepper sprayed in Portland • Trouble in Photography SEO Paradise with SmugMug and Squarespace
Trouble in Photography SEO Paradise With SmugMug and Squarespace
Gaining control over the first-page of search engine results for you and your business is critical to reputation management. It’s impossible to directly control the search engine results themselves but it is possible to influence them with quality content creation and proper Search Engine Optimization (SEO).

Trunkmonkey Racing

Dark Hollow Pond Trail – Phase 1 – April 27 with Greater Boston NEMBA
Trunkmonkey Racing will be in attendance at the Greater Boston NEMBA Dark Hollow Pond trail project at Middlesex Fells Reservation this coming Sunday (April 27, 2014). Come join us bright and early to move some dirt, build some singletrack, and open up Dark Hollow Pond to mountain bikes! For more information, please see the event […]
The Angels’ Share: Single Malt and Singletrack
Back in November an amazing video popped up in my Feedly called Angel’s Share: Exploring Scotland’s Singletrack and Single Malt. I’m a big fan of mountain biking. I’m a big fan of Scotch. And I’m a fan of Ben Howard whom I’ve heard a few times and was chosen for the soundtrack. But a couple […]
Chippoke’s Cabin Fever Maple Whisky Bacon Grease Infused Bacon Crumble Brown Sugar Caramelized Ghost Chile Chex Mix
What’s the best way to wind down after a hard day of trail building and mountain biking? Alcohol and bacon of course! And how do we combine the two into a single snack for uncomplicated gluttonous consumption? With Chippoke’s Cabin Fever Maple Whisky Bacon Grease Infused Bacon Crumble Brown Sugar Caramelized Ghost Chile Chex Mix! […]
Trunkmonkey Racing backs Mac Ride!
Trunkmonkey Racing backs Mac Ride! This is insanely cool. What happens when you cross a kid named Mac and a Mountain Bike? You get Mac Ride, a Kickstarter out of Vancouver, eh! From their Web site: It was my wish for our children to benefit from these same outdoor adventures as well as my passion for […]
Fezzari unveils revamped Web site and shiny new 2014 models!
Fezzari has totally revamped its Web site and unleashed the new Timp Peak 650b line as part of its new 2014 lineup. Check out all the new models on their Web site.
When counting calories watch out for reporting loops in your Apps.
Weight loss isn’t magic. Simply eat less calories than you burn. Easy peasy. That is unless you inadvertently sabotage yourself by getting too geeky and try to use too many nutrition and weight loss Apps to track and manage your progress. I found out the hard way that it’s best to Keep it Simple (Stupid). […]
Trunkmonkey Racing Ghetto Wheel Truing using Zipties
After 10 miles of rough trail riding on the old 1992 GT Karakoram Full Rigid my slightly out-of-true wheel became a significantly out-of-true wheel with a bent spoke; it was rubbing brake pad in four locations. I guess my fat ass bombing a downhill full of fist-sized loose rocks and small boulders was a bad […]
Airborne Bicycles gives a sneak peak of their new Guardian 29
It’s just a single photo, but Airborne Bicycles has posted a sneak peak photo of their new Guardian 29 on their Facebook page. Since the caption reads “A sneak-peak of one of the new models coming soon~!” there are probably more fresh designs in the pipeline! Speculation is running wild, but so far the consensus […]
Trunkmonkey Racing and Airborne Bicycles?
In my search for new Mountain Bikes I ran across Airborne Bicycles, a company that has an interesting offering of value-packed bikes (follow them on Facebook and Twitter). I’m intrigued by their product lineup, reviews, and press coverage so I applied to become a member of their Flight Crew. Hopefully the next time you see […]
Introducing the Canon PowerShot D20 – built for adventure
Order at Amazon or Adorama. The PowerShot D20 is the latest generation of Canon’s waterproof, shockproof, freezeproof, and dustproof D-series point and shoot camera line. It keeps the same 12.1 megapixel spec as the previous PowerShot D10 but gains GPS, Intelligent IS, better zoom, larger screen, higher ISO sensitivity, and an increased shockproof rating. So […]

Hedgamablog

Announcing Hedgehog Gifts by Hamor Hollow
Only the best hedgehog-themed gifts for yourself, for your friends, family, and loved ones, and of course for your tiny, prickly companion!
Socially-Distant Open House and Pickups (May 2020)
After shutting down our open houses and baby hedgehog pickups back in March, Kelly and I decided to take advantage of the warmer spring weather. We reviewed the New Hampshire Department of Health and Human Services COVID-19 Guidelines, and felt confident enough to maintain a safe environment. So we finally started organizing outdoor pickups!
Chippoke Cooks — Cabin Fever Maple Whisky Bacon Grease Infused Bacon Crumble Brown Sugar Caramelized Ghost Chile Chex Mix
What’s the best way to wind down after a hard day of trail building and mountain biking? Maple syrup and bacon of course! And how do we combine the two into a single snack for uncomplicated gluttonous consumption? With Chippoke’s Cabin Fever Maple Whisky Bacon Grease Infused Bacon Crumble Brown Sugar Caramelized Ghost Chile Chex […]
Chippoke Cooks — Habañero, Bacon, Egg, and 「Cream」 Cheese Chive Breakfast Muffin
Chippoke (and I) had a hankering for a hearty breakfast sandwich this morning. But the pre-packaged frozen sausage, egg, and cheese hockey pucks buried in the quarantine freezer just didn't seem to fit the mood.
American Hedgehog Warrior — Quarantine Edition — Course 5
Follow along as Pepper the Hedgehog devastates the American Hedgehog Warrior circuit! Although this video is absolutely adorable, it is rated PG for some colorful commentary.
American Hedgehog Warrior — Quarantine Edition — Course 4
Follow along as Pepper the Hedgehog devastates the American Hedgehog Warrior circuit! Although this video is absolutely adorable, it is rated PG for some colorful commentary.
American Hedgehog Warrior — Quarantine Edition — Course 3
Follow along as Pepper the Hedgehog devastates the American Hedgehog Warrior circuit! Although this video is absolutely adorable, it is rated PG for some colorful commentary.
American Hedgehog Warrior — Quarantine Edition — Course 2
Follow along as Pepper the Hedgehog devastates the American Hedgehog Warrior circuit! Although this video is absolutely adorable, it is rated PG for some colorful commentary.
American Hedgehog Warrior — Quarantine Edition — Course 1
Follow along as Pepper the Hedgehog devastates the American Hedgehog Warrior circuit! Although this video is absolutely adorable, it is rated PG for some colorful commentary.
Devin Supertramp's Hedgehog Christmas! In 4K!
This one is too cute not to pass on! Devin Supertramp hired some stunt hedgehogs for his latest extreme sports video!

Hamor Hollow Hedgehogs Articles

You and Your New Hedgehog — Heading Home and the First Two Weeks
The first two weeks with your hedgehog are the most important in shaping your new companion’s personality and how they will react around you!
How Much Does a Hedgehog Cost? What You Need and Total Cost of Ownership…
Here are basic, yearly, and additional costs for purchasing and taking care of a hedgehog. Please use this as a guideline, as costs will vary. Veterinary rates in particular may vary the most from one clinic to another.
Do Hedgehogs Bite?
It’s true. We admit it. All animals bite at some point. Even fish bite! How else do you think they end up on the business-end of a fishing pole?
Oh No! Does My Hedgehog Have Mites?
While mite infestations are not common you may have to deal with one or two throughout the life of your hedgehog. It’s important to be aware of the signs and to seek out immediate treatment from a knowledgeable exotics veterinarian.
Watch Me Grow – Baby Hedgehogs Growing Up!
See all the stages of development of baby hedgehogs from newborn to eight weeks old!
Are Hedgehogs Legal in My State?
Hedgehogs are now legal in all of New England and most of the United States! Unfortunately, hedgehogs are still illegal in California, Georgia, Hawaii, Pennsylvania, and The Five Boroughs of New York City.
Clipping and Trimming Hedgehog Nails
Clipping your hedgehog's nails may seem like a difficult and intimidating job. But, once you know what to do and get in a little practice, you'll see that it really isn't that hard!

Inert Ramblings. All Rights Reserved Theme by Grace Themes