Bugtraq mailing list archives
Re: GZEXE - the big problem
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Sat, 31 Jan 1998 11:07:01 -0700
GZEXE, part of gzip package, is a small utility which allows 'transparent' compression of any kind of executables (just like pklite under ms-dos). Unfortunately, it may be extremely dangerous. Here's the shell script used for decompression:

  if /usr/bin/tail +$skip $0 | "/usr/bin"/gzip -cd > /tmp/gztmp$$; then... [...]
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  /tmp/gztmp$$ ${1+"$@"}; res=$?
  ^^^^^^^^^^^^

This /tmp race was fixed in OpenBSD back in August... looks like OpenBSD 2.2 is not vulnerable.
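
The message does not say how the script was changed. As an added example (not gzexe's or OpenBSD's code), here is an unpack-and-run stub that replaces the predictable /tmp/gztmp$$ name with a private directory from mktemp -d. The function names and the constructed sample stub in selftest are assumptions.

```shell
#!/bin/sh
# Added example: hardened form of the unpack-and-run pattern quoted above.
# Function names are hypothetical; this is not the gzexe or OpenBSD script.

# safe_unpack SRC [BASE]: decompress SRC into a new private directory under
# BASE (default $TMPDIR or /tmp) and print the path of the unpacked file.
safe_unpack() (
    src=$1
    base=${2:-${TMPDIR:-/tmp}}
    umask 077
    # mktemp -d atomically creates a mode-0700 directory with a random
    # suffix and fails rather than reusing a path that already exists.
    dir=$(mktemp -d "$base/gztmp.XXXXXXXXXX") || exit 1
    if gzip -cd < "$src" > "$dir/prog"; then
        chmod 700 "$dir/prog"
        printf '%s\n' "$dir/prog"
    else
        rm -rf "$dir"    # leave nothing behind on a failed unpack
        exit 1
    fi
)

# run_unpacked SRC [ARGS...]: unpack, run with ARGS, clean up, and return
# the program's exit status (the role of res=$? in the quoted script).
run_unpacked() (
    src=$1; shift
    prog=$(safe_unpack "$src") || exit 1
    res=0
    "$prog" ${1+"$@"} || res=$?
    rm -rf "${prog%/*}"
    exit "$res"
)

# selftest: constructed sample. A file already sitting at the predictable
# name gztmp$$ must be untouched, and no unpack directory may be left over.
selftest() (
    scratch=$(mktemp -d) || exit 1
    printf 'keep\n' > "$scratch/gztmp$$"
    printf '#!/bin/sh\necho "unpacked: $1"; exit 3\n' | gzip -c > "$scratch/stub.gz"
    res=0; ok=0
    out=$(TMPDIR=$scratch run_unpacked "$scratch/stub.gz" "a b") || res=$?
    [ "$out" = "unpacked: a b" ] && [ "$res" -eq 3 ] &&
        [ "$(cat "$scratch/gztmp$$")" = keep ] &&
        [ -z "$(ls -d "$scratch"/gztmp.* 2>/dev/null)" ] || ok=1
    rm -rf "$scratch"
    exit "$ok"
)

if [ "${1:-}" = selftest ]; then selftest; fi
```

Because the directory is created mode 0700 before anything is written into it, the name of the file inside it no longer needs to be unpredictable.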