Re: XFree86 3.3.2's setup tool /tmp race

From: Steve Bellovin (smbat_private)
Date: Mon Nov 09 1998 - 09:29:06 PST


    In message <Pine.LNX.4.03.9811081750370.13094-100000at_private>, Adrian Voinea writes:
    > Hello,
    >
    > XFree86 3.3.2's setup tool 'xf86config', when it runs 'X -probeonly
    > -pn -xf86config /tmp/XF86Config.tmp' creates 2 files with mode 644 in
    > /tmp, XF86Config.tmp and dumbconfig.2 and then erases them:
    >
    
    ...
    
    Etc.
    
    Is this really a problem?  On my system, at least (BSD/OS 4.0),
    xf86config isn't setuid, so there's only an issue if someone privileged
    runs it.  (If that's not the case, then there's a deeper underlying
    security problem.)  And xf86config is the sort of program that one
    would run when a machine is being set up, not when it's open to general
    users.
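
For reference, an added example (not part of this message or of XFree86) of the file-creation pattern the report describes next to an exclusive, owner-only create and `mkstemp()`. The scratch directory, the `elsewhere` target and all function names are constructed for illustration; the real tool's code is not shown on this page.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the report: fixed name, mode 644, no exclusivity check. */
int open_fixed_name(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened: fail if the name exists in any form, create owner-only. */
int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch directory: the fixed name is
 * already a symbolic link when the tool opens it. Returns 1 if the open
 * created the link's target, 0 if it did not, -1 on setup failure. */
int target_created(int (*opener)(const char *))
{
    char dir[] = "/tmp/tmprace-demo.XXXXXX", name[64], target[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(name, sizeof name, "%s/XF86Config.tmp", dir);
    snprintf(target, sizeof target, "%s/elsewhere", dir);
    if (symlink(target, name) != 0) { rmdir(dir); return -1; }
    int fd = opener(name);
    if (fd >= 0) close(fd);
    int created = (stat(target, &st) == 0);
    unlink(target); unlink(name); rmdir(dir);
    return created;
}

/* mkstemp(): unpredictable name, exclusive create; returns permission bits. */
int private_temp_mode(void)
{
    char tmpl[] = "/tmp/XF86Config.XXXXXX";
    struct stat st;
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    int mode = (fstat(fd, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    close(fd); unlink(tmpl);
    return mode;
}
```

Whether the fixed-name pattern matters in practice still depends on who runs the tool, which is the question the message above raises.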
    


