[3310] in bugtraq


Re: [BUG] Vulnerability in PINE

daemon@ATHENA.MIT.EDU (Jason Haar)
Thu Aug 29 10:45:37 1996

Date: 	Thu, 29 Aug 1996 08:53:08 +0100
Reply-To: Jason Haar <jason@oit.co.uk>
From: Jason Haar <jason@oit.co.uk>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <Pine.LNX.3.95.960828191424.850A-100000@litterbox.org>

On Wed, 28 Aug 1996, Sean B. Hamor wrote:
> The file is created mode 666 in /tmp with newer versions of PINE, however if
> newer versions of PINE see that /tmp/.user_lockfile is a symbolic link it
> warns the user, refuses to create the lockfile (the symbolic link is not

This check doesn't do you any good if they are capable of using hard links
(i.e. if /tmp and the user's home directory are on the same partition,
then a hard link works - I've done it). Shouldn't pine just check for
links of any kind instead?

Reporting this to the pine-bugs group too...

Cheers,
+++++++++++++++++++++++++++++++++++++++++++++++
Jason Haar, Unix/Internet Manager
OiT, Oxford. Phone:  +44 1865 785051
