[8728] in bugtraq
OSS nice tmp race
daemon@ATHENA.MIT.EDU (the razor of love)
Fri Dec 18 23:18:04 1998
Date: Fri, 18 Dec 1998 20:05:06 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: the razor of love <oghost@RAS-S84.NYC.TRANSWIRE.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19981217021238.A5786@art.ro>
This does not exist in the latest version of OSS on FreeBSD. /tmp is
not used at all in any part of the package that I could find.
Version: OSS/FreeBSD 3.9.1i (C) 4Front Technologies 1996-1998
Kernel: FreeBSD 3.0-CURRENT #3: Wed Dec 16 22:10:00 EST 1998
Cheers,
Ben
---
Benjamin P. Grubin / bgrubin@iss.net - PGP key available
Sr. Systems Engineer / ph/page (917) 975-2203 fax (212) 228-0404
Internet Security Systems / Diplomacy is the art of saying "nice doggy"
http://www.iss.net/ / until you can find a rock.
Stefan Laudat writes:
> Hello all,
>
> While digging in the "soundon" script delivered with the OSS package (the commercial
> one, of course), I have discovered something very unusual on line 26
>
> $MODTOOLS/insmod -V > /tmp/oss.tmp 2>&1
> # KABOOM! "Hey, Beavis, told ya it was plutonium"
> MODVERS=`head -1 /tmp/oss.tmp|sed 's/.* //'`
> rm -f /tmp/oss.tmp # too late, buddy!
>
>
> Nice,huh? Just imagine that almost all soundcards are PnP today, there are few admins that
> know how to play with isapnp and ALSA (yeah, it rulez), the soundcfg or soundconf (whatever)
> script that comes with RedHat 5.x sucks big time and most of the ppl running LeeNw00x use
> OSS that seems to be a very good tool for the average RewT, honestly. And thank God OSS knows
> lots of soundcards! Most of you are running the soundon script in rc.local, so the
> satisfaction is guaranteed:
>
>
> ln -s /etc/inittab (next boot you're dead)
>
> Don't worry, support@opensound.com has been already notified so they will correct the bug
> ASAP I guess.
> BTW there is no bugs@opensound.com, so I love their optimistic way of thinking.
> I think the correct code is :
>
> ## insert before line 26
> if [ -L /tmp/oss.tmp ]
> then
> logger "Hey,man, you've got a naughty (l)user -- ".`ls -lsa /tmp/oss.tmp`
>
> # die, lam0r! :)
>
> rm /tmp/oss.tmp
> fi
>
> Take care :)
>
> --
> Stefan Laudat
> System Engineer - Dragon Art
>
> "Power comes from the barrel of the gun"
>
> -- Mao Tze Dong
>
