X-RDate: Tue, 07 Apr 1998 08:31:06 +0600 (ESD)
Date: Mon, 6 Apr 1998 07:29:44 -0400
From: neonhaze <bmacdonald@SYD.AURACOM.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: insecure tmp file creation (slack)
Linux Slackware
I don't know which of these are already known so please bare with me.
When the following programs are run they create /tmp files that do not
check for links and will happily overwrite any file when the program is
running as root. So link one of them to your favorite root owned file you
would like to destroy (or edit in pkgtool's case) and wait for root to run
the affected program.
-Affected Program- -File created in /tmp- -Created File Perms-
liloconfig-color reply -rw-r--r--
pkgtool reply -rw-rw-rw-
makebootdisk return -rw-r--r--
netconfig tmpmsg -rw-r--r--
found by neonhaze <neonhaze@mailcity.com>
<bmacdonald@syd.auracom.com>
