New extension: CRYPT target
Patrick Schaaf
bof at bof.de
Wed May 24 07:03:05 CEST 2006
> The idea of using a file is like this:
> 1- Being root, create a file called /root/file1.key
> #touch /root/file1.key
> #ls -al /root/file1.key
> -rw-r--r-- 1 root root 0 May 23 20:05 file1.key
Now the attacker can open the file (if they have permission to read
that directory, but I'm sure you didn't want to know that...)
> 2- Change permissions
> #chmod 600 /root/file1.key
> #ls -al /root/file1.key
> -rw------- 1 root root 0 May 23 20:05 file1.key
The attacker keeps the file open; this does not change anything.
> 3- Open /root/file1.key and add a key
And now the attacker can read the key from the still open file.
You should try to understand what people here are telling you.
best regards
Patrick
More information about the netfilter-devel
mailing list