This of course assumes you are running around an actual multiuser system without... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mioelnir on July 21, 2017 \| parent \| context \| favorite \| on: How I Tricked Symantec with a Fake Private Key This of course assumes you are running around an actual multiuser system without 1777 /tmp and 077 umask like it is 1989.

jwilk on July 21, 2017 [–]

All the attacker has to do is:

  touch /tmp/pubkey.pem
  chmod a+w /tmp/pubkey.pem

before the victim runs the code.

No sticky bit, no restrictive umask, also no protected_hardlinks/protected_symlinks is going to save you.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact