[3321] in bugtraq

Re: BoS: [BUG] Vulnerability in TIN

daemon@ATHENA.MIT.EDU (Larry Schwimmer)
Tue Sep 3 11:48:26 1996

Date: 	Tue, 3 Sep 1996 03:22:30 -0700
Reply-To: Larry Schwimmer <rosebud@cyclone.Stanford.EDU>
From: Larry Schwimmer <rosebud@cyclone.Stanford.EDU>
X-To:         Shyne-Song.Chuang@Singapore.Sun.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <199609030216.KAA01267@elan.Singapore.Sun.COM> from "Shyne-Song
              Chuang" at Sep 3, 96 10:16:56 am

You (Shyne-Song Chuang) write:
> I am not sure if this is a known vulnerability, but the newsreader
> tin also has a problem with mode 666 temp files.

        I consider it well known, but that could just be me.
        In any event, add

        -DDONT_LOG_USER

to your Makefile, and it won't compile in this code.  Security hole
aside, it is also potentially an invasion of user privacy.

                        yours,
                                Larry Schwimmer
                                schwim@cyclone.stanford.edu
                                Distributed Computing Operations
