Bugtraq mailing list archives
Re: Solaris patchadd(1) (3) symlink vulnerabilty
From: Paul Szabo <psz () MATHS USYD EDU AU>
Date: Tue, 19 Dec 2000 19:00:20 +1100
Jonathan Fortin <jfortin () REVELEX COM> wrote:
When patchadd is executed, It creates a temporary file called "/tmp/sh<pidofpatchadd>.1" , "/tmp/sh<pidofpatchadd>.2 , "/tmp/sh<pidofpatchadd>.3 and assigns them mode 666 ...
I guess that patchadd is a "sh" script using the "<<" construct, this being an instance of the bug I reported recently: http://www.securityfocus.com/templates/archive.pike?list=1&msg=200011230225.NAA19716 () milan maths usyd edu au This is essentially the same as the tcsh bug fixed recently in other OSs. Paul Szabo - psz () maths usyd edu au http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia
Current thread:
- Solaris patchadd(1) (3) symlink vulnerabilty Jonathan Fortin (Dec 18)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Matthew Potter (Dec 20)
- <Possible follow-ups>
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Szabo (Dec 19)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Dan Harkless (Dec 20)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 20)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juan M. Courcoul (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Cy Schubert - ITSD Open Systems Group (Dec 22)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Szabo (Dec 20)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Peter W (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 22)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juan M. Courcoul (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Theodoropoulos (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Peter W (Dec 21)