[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: [BUG] Vulnerability in PKGTOOL
From:       Jonathan Larmour <JLarmour () origin-at ! co ! uk>
Date:       1996-08-27 18:30:41
[Download RAW message or body]

At 09:57 27/08/96 -0400, Paul Nash wrote:
[snip]
>On the same note tin creates /tmp/.tin_log mode 666 aswell.. It's vulnerable
>to symlinks aswell.

However it doesn't complain if root creates /tmp/.tin_log mode 000, so
that's the easiest quick-fix, although take care when clearing /tmp.

Jonathan L.
Origin UK, 323 Cambridge Science Park, Cambridge, England. CB4 4WG.
Tel: +44 (1223) 423355    Fax: +44 (1223) 420724   E-mail: guess...
-------[ Do not think that every sad-eyed woman has loved and lost... ]------
-----------------------[ she may have got him. -Anon ]-----------------------
These opinions are all my own fault.

[prev in list] [next in list] [prev in thread] [next in thread]