mailing list archives
Re: /bin/sh creates insecure tmp files
From: Kris Kennaway <kris () FREEBSD ORG>
Date: Thu, 23 Nov 2000 13:37:56 -0800
On Thu, Nov 23, 2000 at 01:25:28PM +1100, Paul Szabo wrote:
Similarly to the recently discussed tcsh vulnerability, the Bourne shell
/bin/sh also creates temporary files in an insecure way, and can be
exploited to create arbitrary files or to overwrite existing ones. While
this vulnerability can be exploited for a denial-of-service attack, it is
not clear how to use it to gain additional privileges.
FreeBSD does not seem to do this.