> GZEXE, part of gzip package, is a small utility which allows > 'transparent' compressio any kind of executables (just like pklite > under ms-dos). Unfortunatelly, it may be extremally dangerous. Here's > the shell script used to decompression: > > if /usr/bin/tail +$skip $0 | "/usr/bin"/gzip -cd > /tmp/gztmp$$; then... > [...] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > /tmp/gztmp$$ ${1+"$@"}; res=3D$? > ^^^^^^^^^^^^ This /tmp race was fixed in the OpenBSD back in August... looks like OpenBSD 2.2 is not vulnerable.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:41:17 PDT