Bugtraq mailing list archives
Bootpd 2.4.3 tmp race
From: marcelo () CONECTIVA COM BR (Marcelo Tosatti)
Date: Thu, 12 Nov 1998 06:13:03 -0200
Sorry if this is already known.
I found a tmp race in bootpd 2.4.3.
If the user do not specify a file to dump the database, bootpd will try to
dump it in /tmp/bootpd.dump.
Here goes the fix :
diff -Nur bootp-2.4.3.orig/bootpd.c bootp-2.4.3/bootpd.c
--- bootp-2.4.3.orig/bootpd.c Mon Mar 27 18:38:35 1995
+++ bootp-2.4.3/bootpd.c Thu Nov 12 05:57:39 1998
@@ -91,11 +91,9 @@
#ifndef CONFIG_FILE
#define CONFIG_FILE "/etc/bootptab"
#endif
-#qifndef DUMPTAB_FILE
-#define DUMPTAB_FILE "/tmp/bootpd.dump"
-#endif
-
+char DUMPTAB_FILE [] = "/tmp/bootpd.dump.XXXXXX";
+
/*
* Externals, forward declarations, and global variables
@@ -369,7 +367,8 @@
if (argc > 1)
bootpd_dump = argv[1];
-
+ else
+ mktemp(DUMPTAB_FILE);
/*
* Get my hostname and IP address.
*/
Marcelo Tosatti
Conectiva Internet Solutions
Current thread:
- Re: [Linux] klogd 1.3-22 buffer overflow, (continued)
- Re: [Linux] klogd 1.3-22 buffer overflow security () PENGUIN NET AU (Nov 17)
- Update to Microsoft Security Bulletin (MS98-015) Aleph One (Nov 18)
- Multiple KDE security vulnerabilities (root compromise) David G. Andersen (Nov 18)
- Sun Security Bulletin #00179 Aleph One (Nov 18)
- Re: Sun Security Bulletin #00179 Jonathan A. Zdziarski (Nov 19)
- Re: WWWBoard Vulnerability Spartak Radchenko (Nov 10)
- Re: WWWBoard Vulnerability Samuel Sparling (Nov 10)
- world-readable shadow backups in SuSe 5.2 HD Moore (Nov 10)
- mSQL dummies Peter Boutzev (Nov 11)
- Re: world-readable shadow backups in SuSe 5.2 Erik (Nov 11)
- Bootpd 2.4.3 tmp race Marcelo Tosatti (Nov 12)
- Re: world-readable shadow backups in SuSe 5.2 Roman Drahtmueller (Nov 12)
- More msql... Peter Boutzev (Nov 12)
- Re: world-readable shadow backups in SuSe 5.2 Andrew Pitman (Nov 11)
- Re: world-readable shadow backups in SuSe 5.2 xnec (Nov 11)