Subject: Re: Solaris patchadd(1) (3) symlink vulnerability
From: Paul Szabo (pszMATHS.USYD.EDU.AU)
Date: Fri Dec 22 2000 - 14:17:26 CST


Darren Moffat <Darren.MoffatENG.SUN.COM> wrote:

> Since patchadd is a script the bug is pretty easy to fix...
> So here is a set of diffs to patchadd for those that really can't wait.
> [ replaces /tmp by a safe ${WORKDIR} ]

Wow! That was quick.

However you seem to have missed the "cat << EOF" constructs, which I
believe were the subject of the original report:

> Jonathan Fortin <jfortinREVELEX.COM> wrote:
>> When patchadd is executed, it creates a temporary file called
>> "/tmp/sh<pidofpatchadd>.1", "/tmp/sh<pidofpatchadd>.2",
>> "/tmp/sh<pidofpatchadd>.3" and assigns them mode 666 ...

That is a bug in the ksh you are using: do not use "here documents" until
you fix the ksh. Need to check/fix all rootly ksh and sh scripts.

Paul Szabo - pszmaths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
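
One way to carry out the "check all sh and ksh scripts" step suggested above is to list every here-document redirection for review. This is an added example, not part of the original thread or of patchadd; the function names and sample files are constructed for illustration, and the line-based matching is a heuristic rather than a full shell parser.

```shell
#!/bin/sh
# Heuristic, line-based audit for here-documents in sh/ksh scripts.

# is_sh_script FILE: succeeds if the #! line names sh or ksh.
is_sh_script() {
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        '#!'*/sh|'#!'*/sh\ *|'#!'*/ksh|'#!'*/ksh\ *) return 0 ;;
    esac
    return 1
}

# scan_heredocs FILE: print "FILE:LINE: text" for each here-document operator.
scan_heredocs() {
    awk -v f="$1" '{
        s = $0
        sub(/^[ \t]*#.*/, "", s)          # ignore whole-line comments
        gsub(/\$\(\([^)]*\)\)/, "", s)    # ignore $(( a << b )) arithmetic
        gsub(/<<</, "", s)                # ignore here-strings
        if (s ~ /<<-?[ \t]*[^ \t]/) print f ":" NR ": " $0
    }' "$1"
}

# audit_dir DIR: scan every sh/ksh script directly inside DIR.
audit_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if is_sh_script "$f"; then scan_heredocs "$f"; fi
    done
}

# make_samples DIR: constructed sample files (written with printf, not here-docs).
make_samples() {
    printf '%s\n' '#!/bin/ksh' 'cat > "$WORKDIR/response" << EOF' \
        'basedir=default' 'EOF' 'cat <<-END >> "$WORKDIR/log"' 'done' 'END' \
        > "$1/patch_like.sh"
    printf '%s\n' '#!/bin/sh' '# old form: cat << EOF' 'n=$(( 1 << 4 ))' \
        'printf "basedir=default\n" > "$WORKDIR/response"' > "$1/safe.sh"
    printf '%s\n' 'cat << EOF' > "$1/notes.txt"
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
audit_dir "$demo_dir"    # lists lines 2 and 5 of patch_like.sh only
rm -rf "$demo_dir"
```

Each reported line is a candidate for rewriting without a here-document, as the message recommends, until the shell itself is fixed.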