During installation of Netscape 6.01a for Solaris 2.7/8 Sparc, I noticed the file /tmp/admin.3842 was created with mode 644. As you already know if this package is installed by root in multiuser mode a malicious user could use this to overwrite system files etc.. Here is the dangerous code: # grep tmp ns6install cat >/tmp/admin.$$ <<EOF /usr/sbin/pkgrm -n -a /tmp/admin.$$ ${pkg}.* 2>&1 /usr/sbin/pkgadd -n -a /tmp/admin.$$ -d `pwd` $pkg 2>&1 # A temporary work around would be to shut the system down into single user mode, clean out /tmp and then install. In reference too: http://www.sun.com/solaris/netscape/index.html -- Larry http://vapid.dhs.org:8080
This archive was generated by hypermail 2b30 : Mon Aug 27 2001 - 11:18:23 PDT