(no subject)

From: Matt Nichols (kgbat_private)
Date: Tue Mar 10 1998 - 18:05:56 PST

Next message: Alvaro Martinez Echevarria: "DoS (and possibly more) on MDaemon for NT/95"

Previous message: Jeffrey Hutzelman: "Re: the purpose of dynamic memory allocation"
Next in thread: bstat_private: "(no subject)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Problem: 'netconfig' script on slackware 3.4 systems (probably earlier
versions also) , does not check to see if static tmpfiles already exist.
Any user can overwrite system files by creating a symlink in /tmp under a
filename used by 'netconfig'

netconfig creates: (without checking to see if they exist)
/tmp/elm.rc.OLD
/tmp/rc.inet1.OLD
/tmp/hosts.OLD
/tmp/resolv.conf.OLD

a user can create a symlink in /tmp like:
lwrxrwxrwx   1 kgb   users    8 Mar 10 19:47 rc.inet1.OLD -> /vmlinuz

and wait for root to run 'netconfig' thus overwriting the victom file.
Although this is an unlikely situation, it is still possible.

     -  MultiSynk -
 k g b @ f l e x . n e t

Next message: Alvaro Martinez Echevarria: "DoS (and possibly more) on MDaemon for NT/95"
Previous message: Jeffrey Hutzelman: "Re: the purpose of dynamic memory allocation"
Next in thread: bstat_private: "(no subject)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:44:46 PDT