(no subject)

Matt Nichols (kgb@FLEX.NET)
Tue, 10 Mar 1998 20:05:56 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeffrey Hutzelman: "Re: the purpose of dynamic memory allocation"
Previous message: Aleph One: "Administrivia"

Problem: 'netconfig' script on slackware 3.4 systems (probably earlier
versions also) , does not check to see if static tmpfiles already exist.
Any user can overwrite system files by creating a symlink in /tmp under a
filename used by 'netconfig'

netconfig creates: (without checking to see if they exist)
/tmp/elm.rc.OLD
/tmp/rc.inet1.OLD
/tmp/hosts.OLD
/tmp/resolv.conf.OLD

a user can create a symlink in /tmp like:
lwrxrwxrwx 1 kgb users 8 Mar 10 19:47 rc.inet1.OLD -> /vmlinuz

and wait for root to run 'netconfig' thus overwriting the victom file.
Although this is an unlikely situation, it is still possible.

- MultiSynk -
k g b @ f l e x . n e t

Next message: Jeffrey Hutzelman: "Re: the purpose of dynamic memory allocation"
Previous message: Aleph One: "Administrivia"