Bugtraq mailing list archives
Re: [BUG] Vulnerability in PINE
From: jason () oit co uk (Jason Haar)
Date: Thu, 29 Aug 1996 08:53:08 +0100
On Wed, 28 Aug 1996, Sean B. Hamor wrote:
The file is created mode 666 in /tmp with newer versions of PINE, however if newer versions of PINE see that /tmp/.user_lockfile is a symbolic link it warns the user, refuses to create the lockfile (the symbolic link is not
This check doesn't do you any good if they are capable of using hard links (i.e. if /tmp and the user's home directory are on the same partition, then a hard link works - I've done it). Shouldn't pine just check for links of any kind instead? Reporting this to the pine-bugs group too... Cheers, +++++++++++++++++++++++++++++++++++++++++++++++ Jason Haar, Unix/Internet Manager OiT, Oxford. Phone: +44 1865 785051
Current thread:
- Re: Tired of /tmp? Here's a proposed solution, (continued)
- Re: Tired of /tmp? Here's a proposed solution Guido M. Witmond (Aug 27)
- Re: Tired of /tmp? Here's a proposed solution Thomas Koenig (Aug 28)
- Re: Tired of /tmp? Here's a proposed solution Sean B. Hamor (Aug 28)
- Re: Tired of /tmp? Here's a proposed solution mdr () vodka sse att com (Aug 28)
- Rlogin vulnerabilty Gabriele Avosani (Aug 28)
- Re: Tired of /tmp? Here's a proposed solution Matthew J Brown (Aug 28)
- ftpbounce-0.1.tar.gz Rune Braathen (Aug 27)
- Re: [BUG] Vulnerability in PINE Linux Mailing Lists (Aug 28)
- Re: [BUG] Vulnerability in PINE Sean B. Hamor (Aug 28)
- Re: [BUG] Vulnerability in PINE Jason Haar (Aug 29)
- HOLE: Unixware 2.03: crontab -e Hannu Laurila (Aug 29)