[22375] in bugtraq
Re: Adobe Acrobat creates world writable ~/AdobeFnt.lst files
daemon@ATHENA.MIT.EDU (wim@djo.wtm.tudelft.nl)
Wed Aug 22 15:10:50 2001
Message-ID: <20010822185446.6738.qmail@djo.wtm.tudelft.nl>
From: wim@djo.wtm.tudelft.nl
To: Darren.Moffat@eng.sun.com
Date: Wed, 22 Aug 2001 20:54:46 +0200 (MEST)
Cc: wim@djo.wtm.tudelft.nl (Wim Osterholt), bugtraq@securityfocus.com
In-Reply-To: <no.id> from "Darren Moffat" at Aug 22, 2001 10:35:07 AM
Reply-To: wim@djo.wtm.tudelft.nl
Errors-To: wim@djo.wtm.tudelft.nl
X-Acknowledge-To: wim@djo.wtm.tudelft.nl
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
> >Adobe Acrobat creates world writable ~/AdobeFnt.lst files
...
> Another possible workaround would be to create a shared object that
> replaced the open/chmod calls that change the permissions on the file,
> this could then be LD_PRELOAD'd so that acroread doesn't do the wrong thing.
>
> Using truss on Solaris we can easily see that acroread actually makes
> an explicit call to set the permissions to 0666.
And what if that call fails?
chattr +i will do miracles, I imagine.
Regards, Wim.
