Security problem in Slackware.

From: Suman_Saraf (ssarafat_private)
Date: Wed Mar 11 1998 - 01:42:38 PST

Next message: Alan Cox: "Re: the purpose of dynamic memory allocation"

Previous message: Aleph One: "MDaemon SMTP Server Buffer Overflow's"
Next in thread: Peter van Dijk: "Re: Security problem in Slackware."
Reply: Peter van Dijk: "Re: Security problem in Slackware."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I just found out that the setup program in slackware creates a file called
hdtest in /tmp  without checking for its existence.

So a malicious user could just create a symlink to any root owned file and
it will get fucked up when the administrator runs setup.

In my case I just created a symlink to /etc/passwd and when I exit the
setup the file contains only "EXIT" :-)

Lemme know if something has been done about it already.

--Suman



/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
         Suman Saraf                  Software Engineer
               Mobile Satellites Project
                Hughes Software Systems
           Plot 31,Sector 18,Electronic City,Gurgaon.
               Tel:011-91-343703 Ext: 2423
       PGP Keys on Request. http://www.hssworld.com
/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

Next message: Alan Cox: "Re: the purpose of dynamic memory allocation"
Previous message: Aleph One: "MDaemon SMTP Server Buffer Overflow's"
Next in thread: Peter van Dijk: "Re: Security problem in Slackware."
Reply: Peter van Dijk: "Re: Security problem in Slackware."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:44:48 PDT