Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SVGATextMode 1.8 /tmp race

From: marcelo () UCONGRES EDU AR (Marcelo Roccasalva)
Date: Fri, 23 Oct 1998 15:30:11 -0300

On Thu, Oct 22, 1998 at 11:16:47AM -0400, Ben Collins wrote:

-----BEGIN PGP SIGNED MESSAGE-----

First off, savetextmode is NOT part of SVGATextMode, it is a script from
svgalib. I checked the savetextmode on my debian 2.0 system (svgalib
1.2.13):

[root@goodguy(11:10am)-~]%cat /usr/bin/savetextmode
#!/bin/sh

set -o noclobber

restoretextmode -w /dev/stdout > /tmp/textregs
restorefont -w /dev/stdout > /tmp/fontdata

The noclobber keeps it from overwriting any files. However, from the
origianl svgalib source the script looks like this:

[root@goodguy(11:13am)-~/svgalib-1.3.0/utils]%cat savetextmode
#!/bin/sh
restoretextmode -w /tmp/textregs
restorefont -w /tmp/fontdata

This WILL overwrite any files. So if you use the base svgalib, then
you have a problem. NOTE: The Debian package for svgalib 1.3 directs the
output to /etc/vga, so it is safe. I'm not sure if redhat has this changed
or not.


--
Redhat 5.1, last upgrade from their ftp site:

[root@kosa /root] # rpm -q svgalib
svgalib-1.2.13-5
[root@kosa /root] # cat /usr/bin/savetextmode
#!/bin/sh
restoretextmode -w /tmp/textregs
restorefont -w /tmp/fontdata
[root@kosa /root] #

-- Marcelo <marcelo.r () ucongres edu ar>
------------------------------------------------------------------------------
                  Hiroshima 45 -- Chernobyl 86 -- Windows 95
Previous By Date Next
Previous By Thread Next

Current thread: