Bugtraq mailing list archives

Re: SVGATextMode 1.8 /tmp race

From: bmc () VISI NET (Ben Collins)
Date: Thu, 22 Oct 1998 11:16:47 -0400


-----BEGIN PGP SIGNED MESSAGE-----

First off, savetextmode is NOT part of SVGATextMode, it is a script from
svgalib. I checked the savetextmode on my debian 2.0 system (svgalib
1.2.13):

[root@goodguy(11:10am)-~]%cat /usr/bin/savetextmode
#!/bin/sh

set -o noclobber

restoretextmode -w /dev/stdout > /tmp/textregs
restorefont -w /dev/stdout > /tmp/fontdata

The noclobber keeps it from overwriting any files. However, from the
origianl svgalib source the script looks like this:

[root@goodguy(11:13am)-~/svgalib-1.3.0/utils]%cat savetextmode
#!/bin/sh
restoretextmode -w /tmp/textregs
restorefont -w /tmp/fontdata

This WILL overwrite any files. So if you use the base svgalib, then
you have a problem. NOTE: The Debian package for svgalib 1.3 directs the
output to /etc/vga, so it is safe. I'm not sure if redhat has this changed
or not.

On Thu, 21 Oct 1999, Adrian Voinea wrote:

Hello,
savetextmode, a utility that comes with SVGATextMode 1.8, saves the text
mode data in /tmp, in two files with the mode 644:

[/tmp]
root@Death# ls -lA
total 1
drwxrwxrwx   2 root     gods         1024 Sep 24  1998 .X11-unix/

[/tmp]
root@Death# savetextmode
svgalib: Using S3 driver (Trio64, 4096K).
svgalib: s3: chipsets newer than S3-864 is not supported well yet.
svgalib: RAMDAC: Trio64: MCLK = 47.131 MHz

[/tmp]
root@Death# ls -lA
total 35
drwxrwxrwx   2 root     gods         1024 Sep 24  1998 .X11-unix/
-rw-r--r--   1 root     gods        32768 Oct 21 22:56 fontdata
-rw-r--r--   1 root     gods          385 Oct 21 22:56 textregs

- ------------------------------------------------
Ben Collins <b.m.collins () larc nasa gov>
UnixGroup Admin - NASA LaRC

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBNi9MZCo9WkFm9rsJAQHbbAP9EeG0NUGz0juhWAVe4xX1ax1b7ZWPnC1q
CTGuEn7YvlRSCjRNoNbtaf//YZfubMaJfGf4df3t53FPlD+FfAJsl6d1pT/E5QoS
RCBiT8Y2k2tAPPyXD9zR12vEMyBjEOXf9DZ/U7T40naTr27Pv4rEdmf8arZDtg6m
9gNrLl9nnKk=
=nvuw
-----END PGP SIGNATURE-----

Current thread:

SVGATextMode 1.8 /tmp race Adrian Voinea (Oct 21)
- License Manager's lockfiles (Solaris 2.5.1) Joel Eriksson (Oct 21)
  - Re : 13 tiny bytes to show the huge sillyness of our great common ga (Oct 23)
  - Re: License Manager's lockfiles (Solaris 2.5.1) pedward () WEBCOM COM (Oct 23)
  - Re: License Manager's lockfiles (Solaris 2.5.1) Roger Harrison ? (Oct 23)
    - Re: License Manager's lockfiles (Solaris 2.5.1) Peter Marelas (Oct 24)
- Re: SVGATextMode 1.8 /tmp race dumped (Oct 22)
- Re: SVGATextMode 1.8 /tmp race Ben Collins (Oct 22)
  - Re: SVGATextMode 1.8 /tmp race Marcelo Roccasalva (Oct 23)
- Incorrect behaviour of setre[ug]id in OpenBSD Will Waites (Oct 22)
  - Re: Incorrect behaviour of setre[ug]id in OpenBSD Will Waites (Oct 23)
  - slocate v1.4 klindsay (Oct 24)
  - Re: Incorrect behaviour of setre[ug]id in OpenBSD matthew green (Oct 24)
  - HP 11.0 sulog Problem Ron Youngclaus (Oct 26)