Security problem in Slackware.

Hi,

I just found out that the setup program in slackware creates a file called
hdtest in /tmp without checking for its existence.

So a malicious user could just create a symlink to any root owned file and
it will get fucked up when the administrator runs setup.

In my case I just created a symlink to /etc/passwd and when I exit the
setup the file contains only "EXIT" :-)

Lemme know if something has been done about it already.

--Suman

/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
         Suman Saraf Software Engineer
               Mobile Satellites Project
                Hughes Software Systems
           Plot 31,Sector 18,Electronic City,Gurgaon.
               Tel:011-91-343703 Ext: 2423
       PGP Keys on Request. http://www.hssworld.com
/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Received on Mar 11 1998