[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: [BUG] Vulnerability in PINE
From:       Jason Haar <jason () oit ! co ! uk>
Date:       1996-08-29 8:53:08
[Download RAW message or body]

On Wed, 28 Aug 1996, Sean B. Hamor wrote:
> The file is created mode 666 in /tmp with newer versions of PINE, however if
> newer versions of PINE see that /tmp/.user_lockfile is a symbolic link it
> warns the user, refuses to create the lockfile (the symbolic link is not

This check doesn't do you any good if they are capable of using hard links
(i.e. if /tmp and the user's home directory are on the same partition,
then  a hard link works - I've done it). Shouldn't pine just check for
links of any kind instead?

Reporting this to the pine-bugs group too...

Cheers,
+++++++++++++++++++++++++++++++++++++++++++++++
Jason Haar, Unix/Internet Manager
OiT, Oxford. Phone:  +44 1865 785051

[prev in list] [next in list] [prev in thread] [next in thread]