Subject: [Helix Beta] Helix Code Security Advisory - Helix GNOME Installer
From: Joe Shaw (joe@HELIXCODE.COM)
Date: Sun Aug 20 2000 - 02:08:33 CDT
HELIX CODE, INC. SECURITY ADVISORY
security@helixcode.com                                Issue Date: 20 Aug 2000
Helix GNOME Installer, versions 0.1 through 0.5
Vulnerabilities in the Helix GNOME Installer allow non-root users to exploit
world-writable permissions on /tmp to damage a system's configuration files
or install arbitrarily modified RPM packages.
Temporary copies of the /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and
/etc/rc.d/rc.gui files on Caldera OpenLinux eDesktop 2.4 and /etc/rc.config
on SuSE 6.3 and 6.4 are stored in the /tmp directory, modified, and moved back
into their original locations. Because /tmp is world-writable, any user can
create a directory at the path the installer expects to use before root runs
the Helix GNOME Installer; when that happens, the system's configuration
files can be lost.
Furthermore, a directory called /tmp/helix-install is used to download the
packages to be installed. If that directory was created beforehand by a
malicious non-root user, that user controls its contents, and arbitrarily
placed packages could be installed onto the system.
A new version of the Helix GNOME Installer (0.6) has been released. This new
version fixes both vulnerabilities. The first is solved by making backups of
the system files in the same directory from which they came, and doing the
operation on these files in-place. The second is solved by moving the default
download directory to /var/cache/helix-install, which is writable only by
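The two fixes described above, as an added example in Python (not the Helix installer's own code): a download directory is only used if it is a real directory owned by the calling user and not writable by anyone else, and a configuration file is backed up and rewritten inside its own directory rather than staged in /tmp. The function names, the ".orig" backup suffix and the sample file contents are assumptions made for this illustration.

```python
"""Defensive handling of a shared download directory and in-place config edits.

Example code, not the Helix installer's own. It illustrates the two fixes
in the advisory: (1) never stage a privileged file under /tmp; back it up
and rewrite it in the directory it came from; (2) only download into a
directory that the calling user owns and that nobody else can write to.
"""
import os
import stat
import tempfile


class UnsafeDirectory(Exception):
    """Raised when a directory could have been pre-created by another user."""


def ensure_private_dir(path):
    """Create `path` with mode 0700, or verify an existing one is safe to use.

    Safe means: a real directory (not a symlink), owned by the calling user,
    and not writable by group or others. An existing directory failing any
    of these checks is refused, because a local user could have created it
    ahead of time, as with /tmp/helix-install.
    """
    try:
        os.mkdir(path, 0o700)
        return path
    except FileExistsError:
        pass
    st = os.lstat(path)  # lstat so that a symlink is not silently followed
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeDirectory(f"{path} exists but is not a directory")
    if st.st_uid != os.geteuid():
        raise UnsafeDirectory(f"{path} is owned by uid {st.st_uid}, not by us")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise UnsafeDirectory(f"{path} is group- or world-writable")
    return path


def edit_in_place(path, transform):
    """Rewrite a config file without ever staging it under /tmp.

    A backup `<name>.orig` (assumed suffix) and the new contents are both
    written in the file's own directory; the new file is then atomically
    renamed over the original. `transform` maps old text to new text.
    Returns the backup path.
    """
    directory = os.path.dirname(os.path.abspath(path))
    with open(path, "r") as f:
        original = f.read()
    backup = path + ".orig"
    with open(backup, "w") as f:
        f.write(original)
    # mkstemp creates the file with O_EXCL in the target directory, so no
    # pre-created entry elsewhere can be substituted for it.
    fd, tmpname = tempfile.mkstemp(dir=directory, prefix=".new-")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(transform(original))
        os.chmod(tmpname, stat.S_IMODE(os.stat(path).st_mode))
        os.replace(tmpname, path)
    except BaseException:
        os.unlink(tmpname)
        raise
    return backup


if __name__ == "__main__":
    # Constructed demonstration in a scratch directory, not real system files.
    root = tempfile.mkdtemp()
    cache = ensure_private_dir(os.path.join(root, "helix-install"))
    cfg = os.path.join(root, "bashrc")
    with open(cfg, "w") as f:
        f.write("PATH=/usr/bin\n")
    backup = edit_in_place(cfg, lambda s: s + "export GNOME=1\n")
    print("cache dir:", cache)
    print("backup written to:", backup)
```

The ownership and mode checks are deliberately applied with lstat on the existing entry rather than on a path that is then reopened, so the decision is made about the same inode the installer would go on to use.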
New versions of the Helix GNOME Installer are available immediately from
Helix Code, Inc.
A list of supported systems can be found at
For supported i386 systems:
For supported PPC systems:
For supported UltraSparc Solaris systems:
Copyright (C) 2000 Helix Code, Inc.