On Wed, 31 Mar 1999, Roman Drahtmueller wrote: > [snip] > > [lukasz@lt /tmp]$ ls -all /etc/shadow > > -r-------- 1 root root 544 Mar 30 00:04 /etc/shadow > [snip] > > [root@lt /root]# xfs & > [snip] > > [lukasz@lt /tmp]$ ls -all /etc/shadow > > -rwxrwxrwt 1 root root 544 Mar 30 00:04 /etc/shadow > [snip] > > Solution, As root before run xfs, make rm -rf /tmp/.font-unix > > For sure this needs to be fixed. Your "solution" introduces a race > condition, though, if the font server is started when users are > allowed to log on. > > A better interim aid is not to run xfs as root in the first place. In > fact, why would one want to run things as root if not necessary? > > Roman. > Computer Center University of Freiburg, Germany. > "The whole world is about three drinks behind." (Humphrey Bogart) > I would just like to say that Debian/GNU Linux Potato is not vulnerable to this xfs vulnerability.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:18 PDT