[22379] in bugtraq
Re: Adobe Acrobat creates world writable ~/AdobeFnt.lst files
daemon@ATHENA.MIT.EDU (Scott Howard)
Wed Aug 22 18:55:09 2001
Date: Thu, 23 Aug 2001 08:34:36 +1000
From: Scott Howard <scott@doc.net.au>
To: bugtraq@securityfocus.com
Message-ID: <20010823083436.A26116@milliways.doc.net.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200108222034.f7MKYxH305924@jurassic.eng.sun.com>; from Darren.Moffat@eng.sun.com on Wed, Aug 22, 2001 at 01:34:19PM -0700
> >> >Adobe Acrobat creates world writable ~/AdobeFnt.lst files
> Another possible workaround would be to create a shared object that
> replaced the open/chmod calls that change the permissions on the file,
> this could then be LD_PRELOAD'd so that acroread doesn't do the wrong thing.
How about :
mkdir ~/.adobe
chmod 600 ~/.adobe
mv ~AdobeFnt.lst ~/.adobe/
ln -s ~/.adobe/AdobeFnt.lst ~
As the chmod will follow the symlink, it will change the permissions of the
file, not the link. This means that the file itself still ends up as mode
0666, but as the directory it's in is mode 0600, then nobody will be able
to access it other than the owner.
Adding the above (with some checking that it hasn't already been done, etc)
to a script which start Acrobat would handle the problem for all users.
Scott.
