OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Solaris patchadd(1) (3) symlink vulnerabilty
From: Paul Szabo (pszMATHS.USYD.EDU.AU)
Date: Tue Dec 19 2000 - 02:00:20 CST

Jonathan Fortin <jfortinREVELEX.COM> wrote:

> When patchadd is executed, It creates a temporary file called
> "/tmp/sh<pidofpatchadd>.1" , "/tmp/sh<pidofpatchadd>.2 ,
> "/tmp/sh<pidofpatchadd>.3 and assigns them mode 666 ...

I guess that patchadd is a "sh" script using the "<<" construct, this
being an instance of the bug I reported recently:

  milan.maths.usyd.edu.au">http://www.securityfocus.com/templates/archive.pike?list=1&msg=200011230225.NAA19716milan.maths.usyd.edu.au

This is essentially the same as the tcsh bug fixed recently in other OSs.

Paul Szabo - pszmaths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia