Thursday, July 10, 2008

I notify ...

I wonder why it took so long to discover that DNS is vulnerable to a birthday attack :-)
A 16-bit ID in the DNS header never added any security, and I doubt that source port randomization will.

Anyway... While I was hunting down some race conditions recently, I remembered the
new inotify(2) system calls in recent Linux 2.6 kernels. Some of you might not be aware of
this, but it is an excellent way to win races. Besides that, you can rewrite tmp-watch to work
really reliably. While tools up to then (including my own) needed to rescan directories to find changes,
which was error-prone and racy in itself, you can now watch the lifetime of a file from creation,
through chmod, until closing. The short screenshot shows the basics.
You can download the small helper program here.
It is very interesting to watch mail and print spoolers using this program! :-)
If you find any exploitable tmp-races using my program, feel free to credit and inotify me :-)


Anonymous said...

What Linux kernel and glibc version is needed to successfully compile this? Doesn't work here on 2.6.18 and glibc 2.3.6 :/
error: sys/inotify.h: Datei oder Verzeichnis nicht gefunden
error: 'IN_ACCESS' was not declared in this scope
error: 'IN_ATTRIB' was not declared in this scope

Anonymous said...

Worked for me on an openSUSE 10.2-11.0
and a Fedora 8, kernel 2.6.22+, but should
work on older kernels too.

Anonymous said...

kind date for a birthday attack