Bugtraq mailing list archives
OSS nice tmp race
From: oghost () RAS-S84 NYC TRANSWIRE NET (the razor of love)
Date: Fri, 18 Dec 1998 20:05:06 -0500
This does not exist in the latest version of OSS on FreeBSD. /tmp is not used at all in any part of the package that I could find.

Version: OSS/FreeBSD 3.9.1i (C) 4Front Technologies 1996-1998
Kernel: FreeBSD 3.0-CURRENT #3: Wed Dec 16 22:10:00 EST 1998

Cheers,
Ben

---
Benjamin P. Grubin / bgrubin () iss net - PGP key available
Sr. Systems Engineer / ph/page (917) 975-2203 fax (212) 228-0404
Internet Security Systems / Diplomacy is the art of saying "nice doggy"
http://www.iss.net/ / until you can find a rock.

Stefan Laudat writes:
Hello all,

While digging in the "soundon" script delivered with the OSS package (the commercial one, of course), I have discovered something very unusual on line 26

    $MODTOOLS/insmod -V > /tmp/oss.tmp 2>&1 # KABOOM! "Hey, Beavis, told ya it was plutonium"
    MODVERS=`head -1 /tmp/oss.tmp|sed 's/.* //'`
    rm -f /tmp/oss.tmp # too late, buddy!

Nice,huh? Just imagine that almost all soundcards are PnP today, there are few admins that know how to play with isapnp and ALSA (yeah, it rulez), the soundcfg or soundconf (whatever) script that comes with RedHat 5.x sucks big time and most of the ppl running LeeNw00x use OSS that seems to be a very good tool for the average RewT, honestly. And thank God OSS knows lots of soundcards!

Most of you are running the soundon script in rc.local, so the satisfaction is guaranteed:

    ln -s /etc/inittab (next boot you're dead)

Don't worry, support () opensound com has been already notified so they will correct the bug ASAP I guess. BTW there is no bugs () opensound com, so I love their optimistic way of thinking.

I think the correct code is :

    ## insert before line 26
    if [ -L /tmp/oss.tmp ]
    then
        logger "Hey,man, you've got a naughty (l)user -- ".`ls -lsa /tmp/oss.tmp` # die, lam0r! :)
        rm /tmp/oss.tmp
    fi

Take care :)

--
Stefan Laudat
System Engineer - Dragon Art
"Power comes from the barrel of the gun" -- Mao Tze Dong
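An added example, not part of either message and not OSS code: the version probe from line 26 of "soundon" rewritten so that no predictable path in /tmp is ever opened, next to the original pattern run in a sandbox directory. A symlink test placed before the write still leaves a window between the check and the open, so the hardened forms remove the fixed name instead. All function names are hypothetical and fake_insmod is a constructed stand-in for "$MODTOOLS/insmod -V".

```shell
#!/bin/sh
# Added example (not OSS code). Function names are hypothetical.

# Constructed stand-in for "$MODTOOLS/insmod -V"; it writes to stderr so the
# 2>&1 redirection used by the script is exercised.
fake_insmod() { echo "insmod version 2.1.121" >&2; }

# Pattern from the post, with the fixed path passed in as $1 so it can be
# pointed at a sandbox directory instead of /tmp.
modvers_fixed_path() {
    path=$1; shift
    "$@" > "$path" 2>&1      # open() follows a symlink planted at $path
    head -n 1 "$path" | sed 's/.* //'
    rm -f "$path"            # removes the link, not the file it pointed to
}

# Hardened form 1: no temporary file; read the banner through a pipe.
modvers_pipe() {
    "$@" 2>&1 | head -n 1 | sed 's/.* //'
}

# Hardened form 2: if a file is really needed, let mktemp create it
# exclusively under an unpredictable name, mode 0600.
modvers_tmpfile() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/oss.XXXXXXXXXX") || return 1
    "$@" > "$tmp" 2>&1
    head -n 1 "$tmp" | sed 's/.* //'
    rm -f "$tmp"
}

# Sandbox check: returns 0 if a file behind a planted link survives the call.
# $1 = function to test; everything happens inside a private mktemp -d dir.
survives_planted_link() {
    sb=$(mktemp -d) || return 2
    echo "keep me" > "$sb/victim"
    ln -s "$sb/victim" "$sb/oss.tmp"
    case $1 in
        modvers_fixed_path) "$1" "$sb/oss.tmp" fake_insmod >/dev/null ;;
        *) ( TMPDIR=$sb; export TMPDIR; "$1" fake_insmod >/dev/null ) ;;
    esac
    result=$(cat "$sb/victim"); rm -rf "$sb"
    [ "$result" = "keep me" ]
}
```

In a real script the pipe form is a drop-in replacement: MODVERS=`modvers_pipe $MODTOOLS/insmod -V`.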