Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: vulnerability in satan, cops & tiger
From: schales () WATSON IBM COM (Douglas Lee Schales)
Date: Fri, 26 Jun 1998 16:52:41 -0400


In reply to your message dated: Fri, 26 Jun 1998 09:24:17 +0200

Tiger v2.2.3

the $WORKDIR of tiger 2.2.3 is set to /tmp and many
temporary files are being written there (it would exeed
all limits to mention all the lines) ...
to prevent the raceconditions, $TIGER_HOME/tmp should be created by
default and $WORKDIR in the config file set to it.
See below for a patch.

I had seen the patch via the current maintainer of Tiger, and
had told them not to issue it.  This is not the best approach
as many people run Tiger off of R/O floppy diskettes, and this
won't work in that situation.

As an interim solution, the user should create a scratch directory
specifically for Tiger, R/W only by root (there is no reason for
anyone else to be able to read the directory).  Set WORKDIR to point
to this directory.  `/var/spool/tiger' would probably be reasonable.

I've not decided on an "automated" solution that is acceptable,
thus the lack of a patch.

closing remarks: I was shocked when I found these bugs. These security tools
have been around since years - and yet nobody had checked this ??
If this is a reflection of our security consciousness, well, we are in big
trouble since a long time and things are not getting better (especially with
M$ around)

Perhaps these tools should have been shuffled up on the priority queue,
because they have "security" associated with them, but it doesn't
really matter.  If the "hack" succeeds, it succeeds... does not matter
what the programs purpose in life was...

I also think many believe that we should address the real problem
first, instead of occupying our time dredging through a never ending
source of code.  The real problem is the shared `/tmp'.

In my private e-mails, I suggested a (hack) solution, but I've now
decided against it.  The correct solution, IMHO, is what I offhandedly
referred to in one message:

rm -rf /tmp

and make the scratch area be private in each accounts home directory
(though some of the shared homes, and roots home being `/' are
problematic).  Then we can go through and fix all the apps once and
for all.

Anyhow, off subject...

dls

[ who will now undoubtably now receive a ton of junk mail for his
  troubles ]

--
Douglas Lee Schales



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]