WP8 Security bug
http://linux.corel.com/linux8/linuxfix.htm
I don't understand this. I can see that having 666 files in /tmp isn't
great. But I checked my installed files and the binary isn't suid root, so
why should there be any major security problem, as long as you don't run wp
as root?
-rwxr-xr-x 1 root root 8008636 Dec 17 22:00 xwp
>
> When Corel WordPerfect 8 for Linux loads, it creates a directory called /tmp/wpc-<hostname> (where <hostname> is the host
> name of your computer) that has the UMASK 777.
>
> Some necessary temporary files are stored in this folder, all containing the UMASK 666. When Corel WordPerfect 8 for Linux
> loads, it checks to see that these files exist, and if so, it will overwrite them.
>
> However, Corel WordPerfect 8 for Linux doesn't check to see if these files have been replaced with sym-links of the same
> name. If this has been done (perhaps to compromise system security), Corel WordPerfect 8 for Linux will follow those
> sym-links and, if it has the rights to do so (which it will if you install the application as "root"), it will overwrite the file pointed
> to by the sym-link. This problem could be used to exploit a system.
--
Itamar - itamars@ibm.net
-----------------------------o-------------------------------------o
Whole Pop Magazine Online | The only good morning is a dead one |
http://www.wholepop.com/ | -- Richard Stallman |