Bugtraq mailing list archives
Bootpd 2.4.3 tmp race
From: marcelo () CONECTIVA COM BR (Marcelo Tosatti)
Date: Thu, 12 Nov 1998 06:13:03 -0200
Sorry if this is already known. I found a tmp race in bootpd 2.4.3. If the user do not specify a file to dump the database, bootpd will try to dump it in /tmp/bootpd.dump. Here goes the fix : diff -Nur bootp-2.4.3.orig/bootpd.c bootp-2.4.3/bootpd.c --- bootp-2.4.3.orig/bootpd.c Mon Mar 27 18:38:35 1995 +++ bootp-2.4.3/bootpd.c Thu Nov 12 05:57:39 1998 @@ -91,11 +91,9 @@ #ifndef CONFIG_FILE #define CONFIG_FILE "/etc/bootptab" #endif -#qifndef DUMPTAB_FILE -#define DUMPTAB_FILE "/tmp/bootpd.dump" -#endif - +char DUMPTAB_FILE [] = "/tmp/bootpd.dump.XXXXXX"; + /* * Externals, forward declarations, and global variables @@ -369,7 +367,8 @@ if (argc > 1) bootpd_dump = argv[1]; - + else + mktemp(DUMPTAB_FILE); /* * Get my hostname and IP address. */ Marcelo Tosatti Conectiva Internet Solutions
Current thread:
- Re: [Linux] klogd 1.3-22 buffer overflow, (continued)
- Re: [Linux] klogd 1.3-22 buffer overflow security () PENGUIN NET AU (Nov 17)
- Update to Microsoft Security Bulletin (MS98-015) Aleph One (Nov 18)
- Multiple KDE security vulnerabilities (root compromise) David G. Andersen (Nov 18)
- Sun Security Bulletin #00179 Aleph One (Nov 18)
- Re: Sun Security Bulletin #00179 Jonathan A. Zdziarski (Nov 19)
- Re: WWWBoard Vulnerability Spartak Radchenko (Nov 10)
- Re: WWWBoard Vulnerability Samuel Sparling (Nov 10)
- world-readable shadow backups in SuSe 5.2 HD Moore (Nov 10)
- mSQL dummies Peter Boutzev (Nov 11)
- Re: world-readable shadow backups in SuSe 5.2 Erik (Nov 11)
- Bootpd 2.4.3 tmp race Marcelo Tosatti (Nov 12)
- Re: world-readable shadow backups in SuSe 5.2 Roman Drahtmueller (Nov 12)
- More msql... Peter Boutzev (Nov 12)
- Re: world-readable shadow backups in SuSe 5.2 Andrew Pitman (Nov 11)
- Re: world-readable shadow backups in SuSe 5.2 xnec (Nov 11)