[5235] in bugtraq
Pine's re-occuring nightmare
daemon@ATHENA.MIT.EDU (jericho@DIMENSIONAL.COM)
Mon Sep 1 15:14:37 1997
Date: Mon, 1 Sep 1997 04:53:58 -0600
Reply-To: jericho@DIMENSIONAL.COM
From: jericho@DIMENSIONAL.COM
To: BUGTRAQ@NETSPACE.ORG
(sorry if this has been posted.. i haven't seen anything about it yet)
(If memory serves, Sean @ Litterbox was the first to write up a problem
report and post it here.. his original 'advisory' covers this problem.
just sub in the new version number. :)
As we all know from past posts, Pine 3.91 - 3.94 had a problem where it
threw down a temporary file in /tmp that was based off its PID. The file
was mode 666 creating a symlink problem. 3.95 came out and fixed this
problem.
3.96 has the same thing. I have 3.96 running on a Linux (Slack 3.3) box,
and have verified it on a Sun 4.1.4 box as well. In both cases, the
temporary files were PID based, and mode 666 like before.
Guess this means every odd release will be more secure? :)
- Damien
