Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs

Partner Sites
JustLinux.com
Linux Planet
PHPBuilder
Technology Jobs

Top White Papers

  • Increasing demands placed on IT, along with tightening budgets has prompted IT leaders to seek out alternative technologies and improved methods of providing...
    Download
  • The number, complexity, and diversity of cyber threats are soaring. Businesses are increasingly concerned about the risks they face and 91% of organizations...
    Download

Current Newswire:

More on LinuxToday

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume

developerWorks: Preventing Race Conditions

Oct 12, 2004, 08:30 (0 Talkback[s])
(Other stories by David A. Wheeler)

[ Thanks to David A. Wheeler for this link. ]

"Using a stolen password, Mallory managed to log into an important server running Linux. The account was a very limited account, but Mallory knew how to cause trouble with it. Mallory installed and ran a trivial program with very odd behavior--it quickly created and removed many different symbolic link files in the /tmp directory, using a multitude of processes. (A symbolic link file, also called a symlink, is simply a file that when accessed redirects the requester to another file.) Mallory's program kept creating and removing many different symlinks pointing to the same special file: /etc/passwd, the password file.

"One of the security precautions on this important server was that every day it ran Tripwire--specifically, the older version 2.3.0. Tripwire is a security program that detects tampering of important files. As Tripwire started up it tried to create a temporary file, as many programs do..."

Complete Story

Related Stories: