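# Adobe Acrobat会建立全局可写文件
# 发布时间:2001-08-23 更新时间:2001-08-23
# 严重程度:中
# 威胁程度:本地拒绝服务
# 错误类型:竞争条件
# 利用方式:服务器模式
# 受影响系统 LINUX版本:
# 详细描述
# Adobe会在HOME目录中建立全局可写的文件AdobeFnt.lst,可以导致一定的本地拒绝服务攻击,或者获得权限提升。
# 测试代码
#
# Reviewer summary: the two fragments below are workarounds for the
# world-writable $HOME/AdobeFnt.lst described above. The second one
# describes itself as wrapper code, so both are presumably meant to be
# pasted into the script that launches the reader.
#
# They are alternatives, not steps of one procedure: when AdobeFnt.lst does
# not exist yet, workaround 1 creates a symlink to /dev/null, and
# workaround 2 then aborts because that symlink is neither an ordinary file
# nor a link to its own private directory.

########################################################################
# Workaround 1: occupy the path with a symlink to /dev/null.
#
# Paths are quoted so a HOME containing spaces or glob characters is
# handled as one word. The trap body is single-quoted so it is expanded
# when the trap fires instead of being word-split at definition time.
# NOTE(review): HOME is not checked for being empty in this fragment.
if [ ! -e "$HOME/AdobeFnt.lst" ]; then
  # AcroRead will happily create a world writable AdobeFnt.lst ...
  # Signal 0 is shell exit: the placeholder link is removed again then.
  trap 'rm -f -- "$HOME/AdobeFnt.lst"' 0
  ln -s /dev/null "$HOME/AdobeFnt.lst"
fi

########################################################################
# Workaround 2: wrapper code to work around the world writable
# ~/AdobeFnt.lst issue by turning it into a relative symlink that points
# into a directory only the owner can enter.

# Directory we'll use, relative to HOME, to work around the problem.
kludgedir=.AdobeFnt.security_kludge_dir

# Refuse to continue with an empty HOME; every path below is built on it.
[ X"$HOME" != X ] || {
  printf '%s\n' "$0: HOME is unset or null - aborting" 1>&2
  exit 1
}

# The mode test used below reads the first column of "ls -lLd":
#   ^d....--.--  = a directory with no group write/execute and no world
#                  write/execute bit. Without execute permission other
#                  users cannot traverse the directory, so the mode of a
#                  file created inside it no longer matters to them.
# NOTE(review): -L follows a symlink and the owner column is never
# inspected, so a link to somebody else's directory with a matching mode
# would pass. Where the shell's test supports it, an ownership check
# (for example [ -O dir ]) is worth adding - confirm for the target shell.

# If a pathname for our kludge directory exists ...
if ls -d "$HOME/$kludgedir" >>/dev/null 2>&1; then
  # ... check that it's properly secured.
  ls -lLd "$HOME/$kludgedir" 2>>/dev/null |
    grep '^d....--.--' >>/dev/null 2>&1 || {
    # Not properly secured: complain and exit.
    printf '%s\n' "$0: found $HOME/$kludgedir but expecting directory with no group or world write or execute permissions - aborting" 1>&2
    exit 1
  }
else
  # "$HOME/$kludgedir" doesn't exist, make it. The subshell keeps the
  # restrictive umask from leaking into the rest of the wrapper.
  (umask 077 && mkdir -p "$HOME/$kludgedir")
  # We should have a properly secured directory at this point; verify it.
  # This also catches a failed mkdir, whose status is not tested above.
  ls -lLd "$HOME/$kludgedir" 2>>/dev/null |
    grep '^d....--.--' >>/dev/null 2>&1 || {
    printf '%s\n' "$0: unable to create properly secured $HOME/$kludgedir - aborting" 1>&2
    exit 1
  }
fi

# The symlink target is read back by parsing "ls -ld" output ("l... -> X");
# sed prints nothing for anything that is not a symlink, so the comparison
# fails for regular files, directories and missing paths alike.

# Does "$HOME"/AdobeFnt.lst exist in any form?
if ls -d "$HOME/AdobeFnt.lst" >>/dev/null 2>&1; then
  # It may already be set up properly - check.
  if [ X"$(ls -ld "$HOME/AdobeFnt.lst" 2>>/dev/null |
    sed -ne 's/^l.* -> \(.*\)/\1/p')" != X"$kludgedir/AdobeFnt.lst" ]; then
    # It's not what we were hoping for ... is it an ordinary file?
    # Two separate tests replace the obsolescent "-a" operator.
    if [ ! -L "$HOME/AdobeFnt.lst" ] && [ -f "$HOME/AdobeFnt.lst" ]; then
      rm -f -- "$HOME/AdobeFnt.lst"
      # Is it gone?
      [ ! -f "$HOME/AdobeFnt.lst" ] || {
        printf '%s\n' "$0: failed to remove $HOME/AdobeFnt.lst file - aborting" 1>&2
        exit 1
      }
      ln -s "$kludgedir/AdobeFnt.lst" "$HOME/AdobeFnt.lst"
      # Test that "$HOME"/AdobeFnt.lst has been set up properly.
      [ X"$(ls -ld "$HOME/AdobeFnt.lst" 2>>/dev/null |
        sed -ne 's/^l.* -> \(.*\)/\1/p')" = X"$kludgedir/AdobeFnt.lst" ] || {
        printf '%s\n' "$0: failed to create proper secure $HOME/AdobeFnt.lst - aborting" 1>&2
        exit 1
      }
    else
      # A symlink to somewhere else, a directory, a device ...: leave it
      # alone and let the user decide.
      printf '%s\n' "$0: $HOME/AdobeFnt.lst isn't set up as we need it, please remove it - aborting" 1>&2
      exit 1
    fi
  fi
else
  ln -s "$kludgedir/AdobeFnt.lst" "$HOME/AdobeFnt.lst"
  # Test that "$HOME"/AdobeFnt.lst has been set up properly.
  [ X"$(ls -ld "$HOME/AdobeFnt.lst" 2>>/dev/null |
    sed -ne 's/^l.* -> \(.*\)/\1/p')" = X"$kludgedir/AdobeFnt.lst" ] || {
    printf '%s\n' "$0: failed to create proper secure $HOME/AdobeFnt.lst - aborting" 1>&2
    exit 1
  }
fi

# We're done with the kludgedir shell variable.
unset kludgedir
########################################################################

# 解决方案 尚无
# 相关信息 |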