[10727] in bugtraq


Re: /tmp symlink problems in SuSE Linux 6.1

daemon@ATHENA.MIT.EDU (Thomas Biege)
Sun Jun 6 13:26:06 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.05.9906050653240.15758-100000@Galois.suse.de>
Date: 	Sat, 5 Jun 1999 07:13:28 +0200
Reply-To: Thomas Biege <thomas@SUSE.DE>
From: Thomas Biege <thomas@SUSE.DE>
X-To:         Thomas Fischbacher <Thomas.Fischbacher@Physik.Uni-Muenchen.DE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.4.10.9906041632550.5853-100000@brauneck.cip.physik.uni-muenchen.de>

On Fri, 4 Jun 1999, Thomas Fischbacher wrote:

> > we at SuSE could not reproduce this problem neither for
> > man nor for dvips.
>
> Ok, here is a log of what I just did five minutes ago:
> (emacs -- M-x shell, btw.)

[...]

> You see -- the problem definitely is not fiction! Come over to Munich and
> see yourself if you want.

I don't think it's a fiction...
... the fact is, that just old releases of SuSE 6.1 seem to be
vulnerable, the newer releases didn't - man uses open(O_EXCL) and
drops its privileges.

A customer told me, that the behavior you described just happens
when he opens a big man page for the first time... we will check
this as soon as possible.

> > Please send us a full list of "maybe" buggy tools, so we
> > could evaluate them.
> ?

In your first post to bugtraq you mentioned, that more tools have
/tmp symlink problems... feel free to tell us about them.
(BTW, I strace'd dvips on my SuSE 6.0 and it never touched /tmp.)

Bye,
     Thomas
--
  Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
  E@mail: thomas@suse.de      Function: Security Support & Auditing
  "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
  Key fingerprint = E3 42 DA D1 3B 9C 23 D0  93 1F B8 2E 6B 9A 45 82
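
Added example, not part of the original message and not taken from SuSE's man sources: a minimal C sketch of the fix the message names, creating the temp file with open(O_CREAT|O_EXCL) after dropping privileges, contrasted with a plain O_CREAT|O_TRUNC open when a symlink already occupies the temp-file name. The function names, the scratch directory and the "man.tmp" file name are hypothetical, and the scenario is constructed inside a private directory.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Set effective gid/uid back to the real ones, group first, and verify.
 * (A set-id non-root binary must also clear the saved ids, e.g. setresuid.) */
static int drop_privileges(void) {
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

/* Constructed scenario: a symlink already sits where the program wants its
 * temp file. Opens that name with `flags` and returns the size of the link's
 * target afterwards (4 = untouched, 0 = truncated through the link). */
static long target_size_after_open(int flags, int *open_errno) {
    char dir[] = "/tmp/excl-demo-XXXXXX", target[64], tmp[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmp, sizeof tmp, "%s/man.tmp", dir);    /* hypothetical name */
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "keep", 4) == 4 && close(fd) == 0
        && symlink(target, tmp) == 0) {
        fd = open(tmp, O_WRONLY | flags, 0600);      /* the open under test */
        *open_errno = (fd < 0) ? errno : 0;
        if (fd >= 0) close(fd);
        if (stat(target, &st) == 0) size = (long)st.st_size;
    }
    unlink(tmp); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    int e_trunc = 0, e_excl = 0;
    if (drop_privileges() != 0) return 1;
    long a = target_size_after_open(O_CREAT | O_TRUNC, &e_trunc);
    long b = target_size_after_open(O_CREAT | O_EXCL, &e_excl);
    printf("O_CREAT|O_TRUNC: target size %ld, errno %d\n", a, e_trunc);
    printf("O_CREAT|O_EXCL : target size %ld, errno %d\n", b, e_excl);
    return 0;
}
```

With O_EXCL the open fails with EEXIST even though the existing name is only a symlink, so the caller has to treat that error as a refusal and pick another name rather than retry without the flag.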
