Bugtraq mailing list archives
Re: symlink bug in tin/rtin
From: nelson () PANGEIA COM BR (Nelson Murilo)
Date: Sat, 29 Mar 1997 15:29:21 -0300
On Sat, 29 Mar 1997, NetRunner wrote: }Small bug I discovered in the unix NEWS reader tin/rin. } }Then a user run rtin/tin a user-list will be created in /tmp/.tin_log }with mode 0666. and if a user makes a symlink from /etc/passwd (or any }file) to /tmp/.tin_log and root or another user with uid 0 runs rtin/tin, }tin will follow the symlink to /etc/passwd and change the mode to 0666. } }I hope no admin's are stupid enough to run rtin/tin as uid 0. :-) This is old problem, to fix add or change this line in Makefile: COPTS = -c -O -DDONT_LOG_USER and recompile rtin/tin package. }/NetRunner }nr () c64 org Regards, . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . N e l s o n M u r i l o Pangeia Informatica - Provedor de solucoes Internet. http://www.pangeia.com.br . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Current thread:
- buffer over in hp-ux 10.20 kernel C0WZ1LL4 () NETSPACE ORG (Mar 21)
- Re: New Sendmail bug Jeffrey Moyer (Mar 24)
- Re: New Sendmail bug Gonzo Granzeau (Mar 24)
- Re: New Sendmail bug Claude Scarpelli (Mar 25)
- Latest IE FIX from MS is a HOAX Aaron Spangler (Mar 25)
- Re: Latest IE FIX from MS is a HOAX Michael H. Warfield (Mar 25)
- ANNOUNCE : NTCrack v1.0 Jonathan Wilkins (Mar 27)
- There are more loopholes in LPD Patrick Powell (Mar 28)
- symlink bug in tin/rtin NetRunner (Mar 29)
- Re: symlink bug in tin/rtin Nelson Murilo (Mar 29)
- ANNOUNCE : NTCrack v2.0 Jonathan Wilkins (Mar 29)
- Re: New Sendmail bug Gonzo Granzeau (Mar 24)
- more sendmail poop *Hobbit* (Mar 25)
- Reported Sendmail 8.8.4 Exploit gshapiro () SENDMAIL ORG (Mar 25)
- minor vulnerability in ELM Dmitry E. Kim (Mar 26)
- FreeBSD-SA-97:02: Buffer overflow in lpd Aleph One (Mar 26)
- Re: New Sendmail bug Jeffrey Moyer (Mar 24)
- Cisco 2509/2511 Albert Siersema (Mar 24)
- Re: Cisco 2509/2511 Dan Brown (Mar 24)
- Re: Cisco 2509/2511 Erdinc KAYA (Mar 24)