Security problem in Slackware.

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Aleph One: "Solaris printd security vulnerability"
• Previous message: Alan Cox: "Re: the purpose of dynamic memory allocation"
• Next in thread: Peter van Dijk: "Re: Security problem in Slackware."

I just found out that the setup program in slackware creates a file called
hdtest in /tmp without checking for its existence.

So a malicious user could just create a symlink to any root owned file and
it will get fucked up when the administrator runs setup.

In my case I just created a symlink to /etc/passwd and when I exit the
setup the file contains only "EXIT" :-)

Lemme know if something has been done about it already.

--Suman

/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Suman Saraf Software Engineer
Mobile Satellites Project
Hughes Software Systems
Plot 31,Sector 18,Electronic City,Gurgaon.
Tel:011-91-343703 Ext: 2423
PGP Keys on Request. http://www.hssworld.com
/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

• Next message: Aleph One: "Solaris printd security vulnerability"
• Previous message: Alan Cox: "Re: the purpose of dynamic memory allocation"
• Next in thread: Peter van Dijk: "Re: Security problem in Slackware."