Bugtraq mailing list archives
Re: Possible Bug in CDE on HP-UX
From: kgb () FLEX NET (Matt Nichols)
Date: Tue, 10 Mar 1998 20:05:56 -0600
Problem: 'netconfig' script on slackware 3.4 systems (probably earlier versions also) , does not check to see if static tmpfiles already exist. Any user can overwrite system files by creating a symlink in /tmp under a filename used by 'netconfig' netconfig creates: (without checking to see if they exist) /tmp/elm.rc.OLD /tmp/rc.inet1.OLD /tmp/hosts.OLD /tmp/resolv.conf.OLD a user can create a symlink in /tmp like: lwrxrwxrwx 1 kgb users 8 Mar 10 19:47 rc.inet1.OLD -> /vmlinuz and wait for root to run 'netconfig' thus overwriting the victom file. Although this is an unlikely situation, it is still possible. - MultiSynk - k g b @ f l e x . n e t
Current thread:
- Re: Possible Bug in CDE on HP-UX Matt Nichols (Mar 10)