('binary' encoding is not supported, stored as-is) At Wed, 18 Apr 2001 18:05:49 +0200 , Paul Starzetz <paulat_private> wrote: >There is symlink vulnerability in the vmware-mount.pl script which comes >with lates VMware. >While mounting virtual disk drives using the vmware-mount.pl script, a >temporary file named vmware-mount.pl.PID where PID is the current pid of >the command will be created in an insecure manner. VMWare likes to have a good, safe TMPDIR variable set: $ grep TMP vmware-mount.pl return defined($ENV{TMPDIR}) ? $ENV{TMPDIR} : "/tmp"; This is a simple variation on an old theme. Make sure you have safe TMP and TMPDIR variables set at all times. If you want a set of scripts for safely creating such dirs and setting env vars at login time, see my TMPDIR scripts at http://www.tux.org/~peterw/ These will also included with the soon-to-be-released Bastille 1.2.0 -Peter
This archive was generated by hypermail 2b30 : Fri Apr 20 2001 - 00:04:10 PDT