Bugtraq mailing list archives

Re: MGE UPS Systems
From: rmurray () PC-42839 BC ROGERS WAVE CA (Ryan Murray)
Date: Mon, 13 Apr 1998 17:29:48 -0700

On Mon, Apr 13, 1998 at 02:00:21PM -0400, Michael T. Shinn wrote:

> > Next, the programs, when starting up, create lock files in /tmp:
> >
> > These files are created with mode 666, and ignore the current umask.
>
> I don't have an MGE UPS to play with, but if it creates a file in /tmp
> of umask 666 it might follow a symlink.  (ln -s /tmp/COM_init.lock
> /.rhosts)  Thereby creating a root owned, but umask 666 /.rhosts file.

I just tested this (meant to before the original post...) and it appears that
it is at least smart enough to remove the symbolic link before creating the
lock file.

Ryan Murray (rmurray () lightspeed bc ca, rmurray () bcit bc ca)
BCIT Computer Resources, Academic Services Student Proctor
BCIT Computer Systems Technology Student: Data Communications Option
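
The lock-file behaviour discussed in this thread (mode 666, umask ignored, symlink removed before the file is created) set against a hardened creation routine, as an added example that is not part of the original message or the vendor's code. The names `create_lock` and `selfcheck` and the scratch directory are hypothetical; the symlink and file names are constructed for the check.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened lock-file creation: asks for 0600, so the umask can only tighten
 * it. Returns an open descriptor, or -1 with errno set. */
int create_lock(const char *path)
{
    /* O_CREAT|O_EXCL is atomic and fails if anything, even a dangling
     * symlink, already sits at path: no remove-then-create race window. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || (st.st_mode & 077)) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Self-check in a private scratch directory (constructed names). Returns 0
 * when a planted symlink is refused and the real lock has no group/other bits. */
int selfcheck(void)
{
    char dir[] = "/tmp/lockdemo.XXXXXX", lock[64], victim[64];
    struct stat st;
    if (!mkdtemp(dir))
        return -1;
    snprintf(lock, sizeof lock, "%s/COM_init.lock", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, lock) != 0)
        return -1;
    int refused = create_lock(lock) == -1 && (errno == EEXIST || errno == ELOOP);
    int untouched = stat(victim, &st) == -1 && errno == ENOENT;
    unlink(lock);
    int fd = create_lock(lock);
    int private_mode = fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 077) == 0;
    if (fd >= 0)
        close(fd);
    unlink(lock);
    rmdir(dir);
    return (refused && untouched && private_mode) ? 0 : 1;
}
```

Removing a symlink and then creating the file are two separate steps, so the path can change between them; the exclusive open above does the existence check and the creation in one system call.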
