Bugtraq mailing list archives
Re: Why you should avoid world-writable directories
From: gonzo () IRONMAN PLANETQUAKE COM (Gonzo Granzeau)
Date: Tue, 22 Dec 1998 10:51:36 -0800
As noted from previous sendmail issues, two of the stated problems can be solved by doing a correct disk structure. You cannot create hard links across across different partitions. That way, if you have a /, /usr, /tmp, and a /home, you should be okay if it drops it in tmp. You'd basically have to give their program it's own file system. This still doesn't change the fact that it is flawed, but if you are forced to use it... What's really funny is how often programs with 'secure' in the title usually have a few more security problems than normal... `8r) gonzo -- Gonzo Granzeau > Nothing the god of biomechanics gonzo () ironman planetquake com < won't let you into heaven for.. God, root, what's the difference...> -Roy Batty, _Blade Runner_
Current thread:
- [SecureXpert Labs Advisory SX-98.12.23-01] Widespread DoS, (continued)
- [SecureXpert Labs Advisory SX-98.12.23-01] Widespread DoS Richard Reiner (Dec 23)
- Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Updated) Anonymous (Dec 23)
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Casper Dik (Dec 24)
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Dima Volodin (Dec 25)
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Lamont Granquist (Dec 28)
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Igor Schein (Dec 28)
- Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules Casper Dik (Dec 28)
- A few more fingerprinting techniques - time and netmask David G. Andersen (Dec 28)
- Microsoft Security Bulletin (MS98-020) aleph1 () UNDERGROUND ORG (Dec 23)
- Security Flaw in Cookies Implementation Oliver Lineham (Dec 23)
- Re: Why you should avoid world-writable directories Gonzo Granzeau (Dec 22)
- Re: Why you should avoid world-writable directories Kragen Sitaker (Dec 22)