On Tue, 2 Dec 1997, Roger Harrison ? wrote:

> There was something a while ago on bugtraq about pinelock
> files and how they were mode 666. This program I wrote takes this idea
> and brings it a step further into an easy way to show why this is a
> problem. My program <pinelock.csh> allows you to log off a user or kill
> one of their processes IF they open up a second session of pine. It
> isn't terribly useful, except for annoying a user. However, if root opens
> up two sessions of pine, I can think of some interesting processes and
> daemons which might be killed. Copies of this program will be stored
> at http://kepler.poly.edu/~rharri01/. Click on files and
> then click on pinelock.csh. Have fun!

Not sure if this is the right thing to do, or if it will cause problems with other parts of pine but there is a quick fix.

bash# diff env_unix.c~ env_unix.c 49c49 < static long lock_protection = 0666; --- > static long lock_protection = 0600;

this file can be found in imap/c-client under the source tree of pine-3.96 and leaves the lock file mode 600:

-rw------- 1 jbourne users 4 Dec 6 11:16 .2.21200505

IMHO opening/leaving any file on the file system mode 666 is a bad idea, esp if it's in a directory that has public write permissions.

Regards,
James Bourne

>
> -Iconoclast
> iconoclastat_private

--
James Bourne | E-Mail: jbourneat_private
System Administrator | WWW: http://www.island.net
Island Internet Inc. | Linux - The choice of a GNU generation
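
Review bot: the changed constant at line 49 of env_unix.c (lock_protection, 0666 to 0600) carries no comment explaining why the mode was tightened, and the hunk does not show who else opens these lock files. Before applying, confirm that no process running under a different UID or relying on group access needs to read or write the lock, since with 0600 such an open would now fail; the poster's own "not sure ... if it will cause problems with other parts of pine" points at the same gap. A one-line comment beside the constant stating that the lock must be owner-only would help. If the constant is applied only when a lock is created, lock files already on disk with mode 666 keep that mode until they are removed.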
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:35:02 PDT
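
The reply's point about mode 666 files in a publicly writable directory can be checked mechanically. The following is an added example, not code from pine, c-client or either poster: it creates a lock file with an explicit mode and audits the result. The function names `create_lock`, `lock_is_private` and `audit_demo` and the temporary path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a lock file with an explicit mode. O_EXCL|O_NOFOLLOW refuses a
 * file or symlink planted earlier by another user; fchmod() makes the
 * final mode independent of the caller's umask. */
int create_lock(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, mode);
    if (fd < 0) return -1;
    if (fchmod(fd, mode) != 0) { close(fd); unlink(path); return -1; }
    return fd;
}

/* 1 if the lock is a regular file, owned by us, single link and
 * inaccessible to group/other; 0 otherwise. */
int lock_is_private(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return 0;
    if (st.st_uid != geteuid() || st.st_nlink != 1) return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Constructed demo: make a lock in a fresh temp dir with the given mode
 * and report whether the audit accepts it. Returns -1 on setup failure. */
int audit_demo(mode_t mode)
{
    char dir[] = "/tmp/lockdemoXXXXXX", path[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/.lock", dir);
    int fd = create_lock(path, mode);
    int ok = (fd < 0) ? -1 : lock_is_private(path);
    if (fd >= 0) { close(fd); unlink(path); }
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("mode 0666 accepted: %d\n", audit_demo(0666));
    printf("mode 0600 accepted: %d\n", audit_demo(0600));
    return 0;
}
```

The audit rejects the pre-patch mode 0666 and accepts 0600; the owner and link-count checks cover cases that the mode bits alone do not.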