Re: Bug in xfs

[jakes () LEET ORG (David Jacobson)]

On Wed, 31 Mar 1999, Roman Drahtmueller wrote:

> [snip]
> > [lukasz@lt /tmp]$ ls -all /etc/shadow
> > -r--------   1 root     root          544 Mar 30 00:04 /etc/shadow
> [snip]
> > [root@lt /root]# xfs &
> [snip]
> > [lukasz@lt /tmp]$ ls -all /etc/shadow
> > -rwxrwxrwt   1 root     root          544 Mar 30 00:04 /etc/shadow
> [snip]
> > Solution, As root before run xfs, make rm -rf /tmp/.font-unix
>
> For sure this needs to be fixed. Your "solution" introduces a race
> condition, though, if the font server is started when users are
> allowed to log on.
>
> A better interim aid is not to run xfs as root in the first place. In
> fact, why would one want to run things as root if not necessary?
>
> Roman.
> Computer Center University of Freiburg, Germany.
> "The whole world is about three drinks behind."  (Humphrey Bogart)

I would just like to say that Debian/GNU Linux Potato is not vulnerable to
this xfs vulnerability.