Re: pinelock.csh exploit

Jim Bourne (jbourne@ISLAND.NET)
Sat, 06 Dec 1997 11:17:48 -0800

On Tue, 2 Dec 1997, Roger Harrison ? wrote:

> There was something a while ago on bugtraq about pinelock
> files and how they were mode 666. This program I wrote takes this idea
> and brings it a step further into an easy way to show why this is a
> problem. My program <pinelock.csh> allows you to log off a user or kill
> one of their processes IF they open up a second session of pine. It
> isn't terribly useful, except for annoying a user. However, if root opens
> up two sessions of pine, I can think of some interesting processes and
> daemons which might be killed. Copies of this program will be stored
> at http://kepler.poly.edu/~rharri01/. Click on files and
> then click on pinelock.csh. Have fun!

Not sure if this is the right thing to do, or if it will cause problems with
other parts of pine, but there is a quick fix.

bash# diff env_unix.c~ env_unix.c
49c49
< static long lock_protection = 0666;

---
> static long lock_protection = 0600;
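
Review bot: The new 0600 at line 49 of env_unix.c replaces a file-wide static default, and the patch does not show which callers apply lock_protection or whether any lock is meant to be opened by a second uid (a mailbox shared between accounts, for instance); check those call sites before shipping, since a lock that another user can no longer open may fail differently than before. A one-line comment beside the constant saying why the lock must not be group- or world-writable would also keep the value from being relaxed again later.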

This file can be found in imap/c-client under the source tree of pine-3.96 and leaves the lock file mode 600:

-rw------- 1 jbourne users 4 Dec 6 11:16 .2.21200505

IMHO, opening/leaving any file on the file system mode 666 is a bad idea, esp. if it's in a directory that has public write permissions.

Regards, James Bourne

>
> -Iconoclast
> iconoclast@thepentagon.com

--
James Bourne           |            E-Mail:             jbourne@island.net
System Administrator   |            WWW:             http://www.island.net
Island Internet Inc.   |            Linux - The choice of a GNU generation
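
The concern raised in this message, as an added C example that is not part of the original post or of c-client: create a lock file that only its owner can write, and refuse to read a PID from a lock file that another user could have modified. It assumes the lock file stores the owning process's PID as text; the function names and LOCK_MODE are hypothetical.

```c
/* Added example, not c-client code: owner-only lock file plus a trust check. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define LOCK_MODE 0600  /* hypothetical name; same value as the patched default */

/* Create the lock file and record our PID in it; returns 0 on success. */
int create_lock(const char *path)
{
    char buf[32];
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, LOCK_MODE);
    if (fd < 0)
        return -1;                      /* already exists, or is a symlink */
    /* open() is subject to the umask, so set the mode explicitly as well. */
    if (fchmod(fd, LOCK_MODE) != 0) { close(fd); unlink(path); return -1; }
    int n = snprintf(buf, sizeof buf, "%ld", (long)getpid());
    if (write(fd, buf, (size_t)n) != n) { close(fd); unlink(path); return -1; }
    return close(fd);
}

/* Return the PID stored in a lock file, but only if nobody except its owner
 * (the caller) could have written it; returns -1 when it cannot be trusted. */
long read_trusted_lock_pid(const char *path)
{
    char buf[32];
    struct stat st;
    long pid = -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* fstat the open descriptor so the check and the read see the same file. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == geteuid()
        && st.st_nlink == 1 && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0) {
        ssize_t n = read(fd, buf, sizeof buf - 1);
        if (n > 0) {
            buf[n] = '\0';
            if (sscanf(buf, "%ld", &pid) != 1 || pid <= 0)
                pid = -1;
        }
    }
    close(fd);
    return pid;
}
```

A process that acts on the stored PID (for example by signalling it) would call read_trusted_lock_pid() first and do nothing when it returns -1.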