[3106] in bugtraq
Re: [SECURITY VULNERABILITY] lmgrd startup script
daemon@ATHENA.MIT.EDU (Matthew G. Harrigan)
Fri Aug 9 18:58:37 1996
Date: Fri, 9 Aug 1996 14:13:50 -0700
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: "Matthew G. Harrigan" <mharrigan@cisco.com>
X-To: pmarc@cmg.FCNBD.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
At 12:45 PM 8/9/96 -0500, you wrote:
>Look at how lmgrd is started through /etc/rc2.d/S85lmgrd:
>
> $licdir/${lmgrd} -c $licdir/$licfile >> /tmp/license_log 2>&1 &
>
>
> The system is vulnerable to attacks that link /tmp/license_log to some
>non-existent system file such as /.rhosts making it world writable the next
>time the machine is rebooted.
Actually, it would make any file vulnerable, even if it existed since the
rc command appends and does not create (>>).
Matt
Matthew G. Harrigan |cisco Systems
Internet Systems Engineer |mharrigan@cisco.com
-------------------------------|408-527-3852 (x63582)
"640K ought to be enough for |Email Pager:
anybody. " - Bill Gates, 1981 |mharrigan@airnote.net
