Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: /var/named world writeable in latest slack

From: Brian Poole <raj () CERIAS PURDUE EDU>
Date: Fri, 13 Oct 2000 12:35:48 -0500
From the ChangeLog it appears there were some modifications to the named

packages since 7.1 was released concerning permissions. I have forwarded
this thread onto a Slackware developer in case they would care to clarify,
but from the looks I would imagine this has been fixed.

Excerpt from ChangeLog:

n1/bind.tgz:  Patched install script to make /var/named (chmod 755) if it
              doesn't exist.
n1/tcpip1.tgz:  Install script no longer tries to make /var/named.

I imagine the tcpip package was making it with bad perms from the
comments. These patches were commited Tue Aug 29 19:50:15 PDT 2000
according to the ChangeLog.

ftp://ftp.slackware.com/pub/slackware/slackware-current/ChangeLog.txt

One must question why this was not made an issue of again, for which I
have no answer. Hopefully the Slackware development team will step up and
answer.


-b


On Thu, 12 Oct 2000, Dave McLaughlin wrote:


This is from a recent install I did of Slackware-current ( within the past
two weeks ):

drwxr-xr-x   2 root     root         1024 Oct  8 10:30 /var/named/

user@host#: less /etc/slackware-version
7.1.0

I downloaded it from ftp.slackware.com .

Dave McLaughlin


----- Original Message -----
From: "Jason Storm" <sec () ORGONE NEGATION NET>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Wednesday, October 11, 2000 6:40 PM
Subject: /var/named world writeable in latest slack



I just installed the latest slack distro from ftp.freesoftware.com, not
the ISO btw, and /var/named was world writeable.

I did a search at securityfocus and nothing popped up, has anyone else
encountered this?


-jason storm
 negation industries
Previous By Date Next
Previous By Thread Next

Current thread: