[SuSE 9.0] possible symlink attacks in some scripts

[Rene <l0om () excluded org>]

Product: some scripts shipped with suse 9.0 
Date: 20.01.2004 
Author: l0om <l0om () excluded org> 
 
greetings, 
i have done a litte reseach on a SuSE linux 9.0 box 
for possible symlink attacks. i have checked nearly 
every script i could found on the system. i havent 
found much and nothing very special.i dont have a 
clue if the following scripts are somewhere on the 
system executed but maybe someone useses them in a 
script or something like that. 
 
 
** 
/usr/X11R6/bin/fvwm-bug 
[...] 
TEMP=/tmp/fvwm-bug.$$ 
[...] 
cat > $TEMP <<EOF 
[...] 
 
** 
/usr/X11R6/bin/wm-oldmenu2new 
[...] 
T=/tmp/wmmenu$$ 
[...] 
cp $OLD_MENU $T-c 
[...] 
 
** 
/usr/X11R6/bin/x11perfcomp 
[...] 
tmp=${TMPDIR-/tmp}/rates.$$ 
mkdir $tmp || exit 1 
[...] 
mkdir $tmp/rates 
[...] 
-l)     cp $2 $tmp/labels 
[...] 
rm -rf $tmp 
[...] 
 
** 
/usr/X11R6/bin/xf86debug 
[...] 
gdb << EOF &> /tmp/xf86debug.1.log 
echo "Debugger output written to /tmp/
xf86debug.1.log." #thx for that info 
[...] 
 
** 
/opt/kde3/bin/winpopup-send.sh 
echo "$2" > /tmp/.winpopup-new 
echo `date +"%a %l:%m %p"` >> /tmp/.winpopup-new 
cat "$1" | tr "\000" "\012" >> /tmp/.winpopup-new 
mv -f /tmp/.winpopup-new /tmp/.winpopup 
 
** 
/sbin/lvmcreate_initrd 
[...] 
DEVRAM=/tmp/initrd.$$ 
[...] 
verbose "using $DEVRAM as a temporary loopback file" 
#thx for that info 
dd if=/dev/zero of=$DEVRAM count=$INITRDSIZE bs=1024 
> /dev/null 2>&1 
[...] 
 
**********  greets @ proxy, takt, maximilian, sirius, 
dna, fe2k, xnet, zexl 
                           rest of excluded.org 
                     nofx, rancid, bad religion, less 
than jake ... 
                        www.excluded.org  --l0om 
                                have Phun!