Bugtraq mailing list archives
Re: RedHat 5.2 lrzsz-0.12.14-5 have serious security hole
From: uwe () CSL-GMBH NET (Uwe Ohse)
Date: Tue, 1 Dec 1998 08:45:54 +0100
On Mon, Nov 30, 1998 at 10:16:21PM +0200, Yuri Kuzmenko wrote:
> lrz (Linux ZMODEM file receiver) from the lrzsz package has a security hole with file permissions. lrz creates files with 0666 mode (world writable)

No, it doesn't. fopen() is not that buggy.

> File mode set to normal (specified by other side) only after downloading.

Correct.

> my umask is 022

I don't see a code path which doesn't honor your umask, and testing shows that the files get created with (0666 & ~(umask)). So what did you do? Can you tell me how to reproduce the behaviour you have seen?

Btw: I really like waking up and finding the name of software packages I maintain (especially those I only maintain because nobody else did) on bugtraq. It's going to be a beautiful day. Next time just send me an email some time before you send it to bugtraq. Thank you.

Regards, Uwe
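Added example, not code from lrzsz or from either poster: a C check of the behaviour discussed in this message, showing the mode a file created with fopen() gets under a given umask, next to a receiver that creates the partial file with open() and 0600 and only applies the sender's mode once the transfer is complete. The function name, the scratch path and the choice to mask the final mode with the umask are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp(), fchmod(), fileno() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create recv.tmp under umask `mask`; store the permission bits seen while
 * "receiving" in *during, return the bits after completion (-1 on error).
 * restrictive == 0: fopen(), which requests 0666 minus the umask bits.
 * restrictive == 1: open() with 0600 and O_EXCL, private whatever the umask. */
static int recv_file_modes(mode_t mask, int restrictive, mode_t final_mode,
                           int *during)
{
    char dir[] = "/tmp/lrzdemo.XXXXXX";   /* constructed scratch location */
    char path[64];
    struct stat st;
    FILE *fp = NULL;
    int fd, result = -1;
    if (!mkdtemp(dir)) return -1;         /* private 0700 directory */
    snprintf(path, sizeof path, "%s/recv.tmp", dir);
    mode_t old = umask(mask);
    if (restrictive) {
        fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    } else {
        fp = fopen(path, "w");
        fd = fp ? fileno(fp) : -1;
    }
    umask(old);
    if (fd >= 0 && fstat(fd, &st) == 0) {
        *during = (int)(st.st_mode & 0777);
        /* Transfer done: apply the sender's mode (masking it with the umask
         * is this example's assumption, not taken from lrzsz). */
        if (fchmod(fd, final_mode & ~mask & 0777) == 0 && fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 0777);
    }
    if (fp) fclose(fp); else if (fd >= 0) close(fd);
    unlink(path);
    rmdir(dir);
    return result;
}

int main(void)
{
    int during = -1, after = recv_file_modes(022, 0, 0644, &during);
    printf("fopen, umask 022: %04o receiving, %04o after\n", during, after);
}
```

With umask 022 the fopen() path yields 0644 while receiving, and a world-writable 0666 appears only when the process runs with umask 0, which is the first thing to check when reproducing a report like this one.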
