Hi, I just found out that the setup program in slackware creates a file called hdtest in /tmp without checking for its existence. So a malicious user could just create a symlink to any root owned file and it will get fucked up when the administrator runs setup. In my case I just created a symlink to /etc/passwd and when I exit the setup the file contains only "EXIT" :-) Lemme know if something has been done about it already. --Suman /_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ Suman Saraf Software Engineer Mobile Satellites Project Hughes Software Systems Plot 31,Sector 18,Electronic City,Gurgaon. Tel:011-91-343703 Ext: 2423 PGP Keys on Request. http://www.hssworld.com /_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:44:48 PDT