February 1st, 2006

Will you still remember what you know?


I was googling myself (was trying to look for some article I wrote on usenet many years ago) and found something else instead, an email I wrote about 11 years ago on BugTraq.

Just like to ask a stupid question. Is “5 -> [0301]:24718” a hard link or
is it a soft link? (sorry.. I don't have the spec for /proc filesystem..)

If it is a soft link, then it is no bug. The soft link may be owned by you
but this doesn't mean that inode 24718 is owned by you. The ftp daemon may
continue to access /var/adm/utmp even though it has euid itself to
since it has open() the file while it is still root.

If it is a hard link, then we are in deep trouble. If I am not wrong,
/proc/<processid>/exe is also a link which actually points to the inode
of the program of the process. This means that anyone can overwrite or
modify any program they run by 1. run the program and then suspend it
2. ps and look for process id 3. Overwrite /proc/<processid>/exe with
their trojan version.

I think I wrote it while I was in Security Task Force, a precursor to SingCERT. Ya, I got a bit of white-hat hacker background but I am digressing.

What I am trying to say is I have trouble reading my own email 11 years later… I have a vague understanding of what I said but somehow, I have forgotten about all that stuff I used to do…

Will I have trouble reading my own blog ten years later?
