Bugtraq mailing list archives
Re: in.fingerd follows sym-links on Solaris 8
From: Joep.Vesseur () Sun COM (Joep Vesseur)
Date: Fri, 25 May 2001 18:40:01 +0200
Lukasz,
I think about a case where a CGI script saves some important information in a temporary file, like PHP do with the sessions: -rw------- 1 nobody nobody 329 May 14 12:16 /tmp/sess_0cd156a633 When you have installed in.fingerd, and the in.fingerd is vulnerable, all local users are able to read the information from the files.
You should not run multiple daemons using the same 'unprivileged' account. Nobody itself is an extreemly poor choice since the sole intention of nobody's introduction was to map root to an unprivileged account when accessing files over NFS. Run your http daemon as user http (or something like that), and this problem disappears. Joep
Current thread:
- in.fingerd follows sym-links on Solaris 8 Lukasz Luzar (May 24)
- Re: in.fingerd follows sym-links on Solaris 8 Lyndon Nerenberg (May 24)
- <Possible follow-ups>
- Re: in.fingerd follows sym-links on Solaris 8 Matthew R. Potter (May 24)
- Re: in.fingerd follows sym-links on Solaris 8 Lukasz Luzar (May 25)
- Re: in.fingerd follows sym-links on Solaris 8 J. Bol (May 28)
- Re: in.fingerd follows sym-links on Solaris 8 Joep Vesseur (May 28)
- Re: in.fingerd follows sym-links on Solaris 8 Darren Moffat (May 28)