Re: WP8 Security bug
On Wed, 10 Mar 1999, Itamar S.-T. wrote:
>http://linux.corel.com/linux8/linuxfix.htm
>
>I don't understand this. I can see that having 666 files in /tmp isn't
>great. But I checked my installed files and the binary isn't suid root, so
>why should there be any major security problem, as long as you don't run wp
>as root?
If the files in /tmp are 666 ANYONE can delete and replace them with a
symlink to ANY readable file. It is to be shown that the permissions on wp
are not enough to overwrite some important file. Try this:
touch /etc/secure_file root.root 400
start xwp, stop xwp with kill -9, find a tmp file from it, delete it, and
link it to said /etc/secure_file. Then, restart xwp. Examine
/etc/secure_file from a shell.
bye,
Peter
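
Added example, not part of Peter's message and not Corel's code: a C program that reproduces the symlink swap described above inside a private scratch directory, next to a hardened open that refuses it. The names open_weak, open_safe and victim_clobbered and the files "victim" and "wp.tmp" are made up for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* exposes O_NOFOLLOW and mkdtemp on older libcs */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: reopen a predictable path and follow whatever is there. */
static int open_weak(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened: refuse symlinks, then check the object that was actually opened. */
static int open_safe(const char *p) {
    struct stat st;
    int fd = open(p, O_WRONLY | O_NOFOLLOW);   /* ELOOP if p is a symlink */
    if (fd < 0) return -1;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1 &&
             st.st_uid == geteuid() && !(st.st_mode & (S_IWGRP | S_IWOTH));
    if (!ok) { close(fd); fd = -1; }
    return fd;
}

/* Constructed scenario: "victim" stands in for the protected file, "wp.tmp"
 * for the swapped temp file. Returns 1 if overwritten, 0 if intact, -1 on error. */
int victim_clobbered(int use_safe) {
    char dir[] = "/tmp/symdemoXXXXXX", victim[64], tmp[64], buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/wp.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs("secret", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(victim, tmp) != 0) return -1;
    int fd = use_safe ? open_safe(tmp) : open_weak(tmp);
    if (fd >= 0) { if (write(fd, "draft", 5) != 5) perror("write"); close(fd); }
    f = fopen(victim, "r");
    if (!f || !fgets(buf, sizeof buf, f)) buf[0] = '\0';
    if (f) fclose(f);
    unlink(tmp); unlink(victim); rmdir(dir);
    return strcmp(buf, "secret") != 0;
}

int main(void) {
    printf("weak=%d safe=%d\n", victim_clobbered(0), victim_clobbered(1));
    return 0;
}
```

For new temp files, mkstemp() avoids the problem at creation time: it picks an unpredictable name and opens it with O_CREAT|O_EXCL and mode 0600.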