[20853] in bugtraq
yet another sym link followers
daemon@ATHENA.MIT.EDU (potozky@hushmail.com)
Mon Jun 4 17:12:13 2001
From: potozky@hushmail.com
Message-Id: <200106041452.HAA27104@user8.hushmail.com>
Date: Mon, 4 Jun 2001 15:32:21 +0000 (GMT+01:00)
To: BUGTRAQ@securityfocus.com
Mime-version: 1.0
Content-type: multipart/mixed; boundary="Hushpart_boundary_VIJMZhwFLljSnoHPmsDuvBMrFJLdFpoF"
--Hushpart_boundary_VIJMZhwFLljSnoHPmsDuvBMrFJLdFpoF
Content-type: text/plain
hi
this time with HPUX 11.0 kmmodreg.
kmmodreg creates two files in /tmp:
/tmp/.kmmodreg_lock and /tmp/kmpath.tmp which cheerfully follows symlink
to /dev/vg , /.rhosts and co.
kmmodreg creates the files with O_CREATE 666, or using the umask.
since kmmodreg is running at boot, when umsak is 000, it is possible
to create the linked files with 666.
HP has been notified on the 4th of May, and amazingly enough
released a patch: PHCO_24112.
Graf Potozky
------------------------------------------------------------------------
--------
The Other Israel - bi-monthly peace movement magazine
pob 2542, Holon 58125, Israel; ph/fx: +972-3-5565804;
for free sample hardcopy or email briefings mailto: otherisr@actcom.co.il
http://other_Israel.tripod.com/
------------------------------------------------------------------------
--------
Free, encrypted, secure Web-based email at www.hushmail.com
--Hushpart_boundary_VIJMZhwFLljSnoHPmsDuvBMrFJLdFpoF--
IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.
