
Re: WP8 Security bug



On Wed, 10 Mar 1999, Itamar S.-T. wrote:

>http://linux.corel.com/linux8/linuxfix.htm
>
>I don't understand this.  I can see that having 666 files in /tmp isn't
>great.  But I checked my installed files and the binary isn't suid root, so
>why should there be any major security problem, as long as you don't run wp
>as root?

If the files in /tmp are 666 ANYONE can delete and replace them with a
symlink to ANY readable file. It is to be shown that the permissions on wp
are not enough to overwrite some important file. Try this:

touch /etc/secure_file; chown root.root /etc/secure_file; chmod 400 /etc/secure_file

start xwp, stop xwp with kill -9, find a tmp file from it, delete it, and
link it to said /etc/secure_file. Then, restart xwp. Examine
/etc/secure_file from a shell.

bye,

	Peter
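
The defensive counterpart to the test described above, as an added example that is not part of the original message or of WordPerfect's code: a program that creates its temp files privately and refuses to reuse a stale one that has become a symlink or is writable by others. The function names and the scratch-directory scenario (standing in for /etc/secure_file) are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* New file: mkstemp() uses O_CREAT|O_EXCL, so an existing name is never reused. */
int create_private_tmp(char *path_template)
{
    mode_t old = umask(077);            /* keep the file 0600, not 0666 */
    int fd = mkstemp(path_template);
    umask(old);
    return fd;
}

/* Reopen a temp file left by an earlier run; -1 if it cannot be trusted. */
int reopen_trusted_tmp(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDWR | O_NOFOLLOW | O_CLOEXEC); /* symlink: ELOOP */
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        st.st_uid == geteuid() &&               /* must be ours */
        st.st_nlink == 1 &&                     /* no extra hard links */
        !(st.st_mode & (S_IWGRP | S_IWOTH)))    /* nobody else may write */
        return fd;
    close(fd);
    return -1;
}

/* Constructed scenario in a scratch directory; 0 means every check held. */
int selftest(void)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX", good[64], victim[64], lnk[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(good, sizeof good, "%s/wp.XXXXXX", dir);
    snprintf(victim, sizeof victim, "%s/secure_file", dir);
    snprintf(lnk, sizeof lnk, "%s/stale_tmp", dir);
    int fd = create_private_tmp(good);
    if (fd < 0 || close(fd) != 0) return 2;
    if ((fd = reopen_trusted_tmp(good)) < 0 || close(fd) != 0) return 3; /* own 0600 file: ok */
    close(open(victim, O_CREAT | O_WRONLY, 0400));
    if (symlink(victim, lnk) != 0 || reopen_trusted_tmp(lnk) >= 0) return 4; /* symlink refused */
    if (chmod(good, 0666) != 0 || reopen_trusted_tmp(good) >= 0) return 5;   /* 0666 refused */
    unlink(lnk); unlink(victim); unlink(good); rmdir(dir);
    return 0;
}
int main(void) { return selftest(); }
```

The checks run on the descriptor returned by open(), not on the path, so the file cannot be swapped between the check and the use.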