Bugtraq: Re: X11R6 NetBSD Security Problem

Nmap Security Scanner

Intro

Docs
Security Lists

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: X11R6 NetBSD Security Problem

From: kvajk () RICOCHET NET (Kevin Vajk)
Date: Sun, 28 Mar 1999 19:01:41 -0800


This patch looks pretty good.  (Much better than the current situatiuon!!!)

A few comments:

On Fri, 26 Mar 1999, Matthieu Herrb wrote:

+    if (errno == EEXIST) {
+     if (stat(path, &buf) != 0) {


This should be lstat().

+     if (S_ISDIR(buf.st_mode) && ((buf.st_mode & ~S_IFMT) == mode)) {
+         return 0;
+     }
+    }


I think you'll want to check the owner of the directory, too.

- Kevin Vajk
  <kvajk () ricochet net>

Current thread:

Re: FrontPage + Apache + FreeBSD, (continued)
- abuse of nickserv Nelson Little (Mar 23)
- Linux 2.2.3 patch to prevent FIN/NULL/XMAS scans Taral (Mar 24)
- not only NetBSD [was Re: X11R6 NetBSD Security Problem] Pavel Machek (Mar 26)
- Re: X11R6 NetBSD Security Problem Matthieu Herrb (Mar 26)
  - Re: X11R6 NetBSD Security Problem Kevin Vajk (Mar 28)
- wu-ftp 2.4.2 (release VR16) /bin/ftponly [ (Mar 27)
- SuSE Security Announcement - XFree86 Marc Heuse (Mar 28)
- Re: X11R6 NetBSD Security Problem /usr/libexec/telnetd (Mar 25)