The IBM eNetwork Firewall for AIX contains some poorly written scripts, which create temporary files in /tmp without making any attempt to validate the existance of the file. This allows any user with shell access to such a firewall to corrupt or possibly modify system files by creating links, pipes, etc with the same name. In a simple example submitted to IBM, /etc/passwd was overwritten. This example has been published on one of their support web pages as a 'local fix'. The problem was reported to IBM early in January. To the best of my knowledge, the correct procedures have been followed. Initially, IBM responded by telling me that it was common practice for software to make use of /tmp. They suggested changing the permissions to prevent users from creating symbolic links to sensitive files. An APAR (IR39562) was opened on 18/01/99 and closed on 13/03/99. The fix has not yet been released. This definately applies to version 3.2, and probably others. Anyone running this software and has users with shell accounts should be aware that the potential exists for these users to corrupt files which they dont have access to. cheers paul
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:47:07 PDT