[4222] in bugtraq
Re: symlink bug in tin/rtin
daemon@ATHENA.MIT.EDU (Nelson Murilo)
Sat Mar 29 14:02:48 1997
Date: Sat, 29 Mar 1997 15:29:21 -0300
Reply-To: Nelson Murilo <nelson@PANGEIA.COM.BR>
From: Nelson Murilo <nelson@PANGEIA.COM.BR>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.91.970329173922.20479B-100000@c64.org>
On Sat, 29 Mar 1997, NetRunner wrote:
}Small bug I discovered in the unix NEWS reader tin/rin.
}
}Then a user run rtin/tin a user-list will be created in /tmp/.tin_log
}with mode 0666. and if a user makes a symlink from /etc/passwd (or any
}file) to /tmp/.tin_log and root or another user with uid 0 runs rtin/tin,
}tin will follow the symlink to /etc/passwd and change the mode to 0666.
}
}I hope no admin's are stupid enough to run rtin/tin as uid 0. :-)
This is old problem, to fix add or change this line in Makefile:
COPTS = -c -O -DDONT_LOG_USER
and recompile rtin/tin package.
}/NetRunner
}nr@c64.org
Regards,
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
N e l s o n M u r i l o
Pangeia Informatica - Provedor de solucoes Internet.
http://www.pangeia.com.br
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
