Home page logo
/

bugtraq logo Bugtraq mailing list archives

OpenWindows 3 possible security problem?
From: scott () Disclosure COM (Scott Barman)
Date: Mon, 22 May 1995 15:04:42 -0400 (EDT)


While poking around the system (SPARC Classic running SunOS 4.1.3_U1)
looking for a lost file, I stumbled across a couple of files that looked
interesting:

-rw-rw-rw-  1 scott          20 May 19 14:12 /tmp/ttyselection
-rw-rw-rw-  1 scott          74 May 19 14:12 /tmp/winselection

Both happen to look like the cut buffers from a shelltool or commandtool
window.  Both contain text that look familiar in this regard.

My problem with this is the file permissions.  Readable and writeable to
the world?!  Even if I remove them and I do some cut-and-paste, they
are recreated with the same modes.  This is strange since my umask is
set to 027!

This means that whatever I cut and paste, even if it's to a "secure"
file (read-write by me only), the whole world can read it!

Is this an error in the installation of the ow?  Or is this a bug in
general?

scott barman
scott () disclosure com

DISCLAIMER: I will talk to anyone who will listen, but I only speak for myself.



  By Date           By Thread  

Current thread:
  • OpenWindows 3 possible security problem? Scott Barman (May 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]