Bugtraq mailing list archives
Re: HeliSec: StarOffice symlink exploit
From: Kurt Seifried <bugtraq () SEIFRIED ORG>
Date: Thu, 22 Feb 2001 14:34:17 -0700
StarOffice creates a temporary directory in /tmp called soffice.tmp, with permissions 0777. Into this directory other temporary files are
creates,
with the format: svZZZZ.tmp, where ZZZZ in a four or five digits number.
Staroffice honors $TMP, so create /home/foo/tmp and set your TMP variable. This is not a solution per se I know, but it does help (and more and more apps are honoring the $TMP/$TMPDIR variable). Kurt Seifried, seifried () securityportal com Securityportal - your focal point for security on the 'net
Current thread:
- HeliSec: StarOffice symlink exploit JeT Li (Feb 19)
- Re: HeliSec: StarOffice symlink exploit Peter W (Feb 20)
- Re: HeliSec: StarOffice symlink exploit Christian (Feb 22)
- Re: HeliSec: StarOffice symlink exploit JeT Li (Feb 22)
- Re: HeliSec: StarOffice symlink exploit Kurt Seifried (Feb 22)