[6060] in bugtraq


Re: GZEXE - the big problem

daemon@ATHENA.MIT.EDU (Theo de Raadt)
Mon Feb 2 15:09:49 1998

Date: 	Sat, 31 Jan 1998 11:07:01 -0700
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To:         Michał Zalewski <lcamtuf@BOSS.STASZIC.WAW.PL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  Your message of "Wed, 28 Jan 1998 21:41:53 +0100." 
              <01bd2c2d$2a5e1040$LocalHost@LCAMTUF>

> GZEXE, part of gzip package, is a small utility which allows
> 'transparent' compression of any kind of executables (just like pklite
> under ms-dos). Unfortunately, it may be extremely dangerous. Here's
> the shell script used for decompression:
>
> if /usr/bin/tail +$skip $0 | "/usr/bin"/gzip -cd > /tmp/gztmp$$; then...
> [...]                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> /tmp/gztmp$$ ${1+"$@"}; res=$?
> ^^^^^^^^^^^^

This /tmp race was fixed in OpenBSD back in August... looks like
OpenBSD 2.2 is not vulnerable.
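
Added example, not part of the original post and not the OpenBSD or gzip change itself: one way to harden the quoted stub so the decompressed program never lands at a guessable /tmp/gztmp$$ path. It assumes mktemp(1) is available; the function names are hypothetical.

```shell
#!/bin/sh
# Hardened counterpart to the quoted stub, which wrote to /tmp/gztmp$$
# (name predictable from the PID, created with a plain '>' redirect).

# Create a private scratch directory (mode 0700, random suffix) and print
# the path of the file to decompress into. mktemp -d fails instead of
# reusing an existing name, so a pre-planted file or symlink is never hit.
make_scratch() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/gztmp.XXXXXXXXXX") || return 1
    printf '%s\n' "$dir/prog"
}

# Decompress gzip data from stdin into a fresh scratch file and print its
# path. 'set -C' (noclobber) makes '>' refuse to overwrite an existing file,
# and umask 077 keeps the file private while it is being written.
unpack_to_scratch() {
    out=$(make_scratch) || return 1
    if ( set -C; umask 077; gzip -cd > "$out" ); then
        chmod 700 "$out"
        printf '%s\n' "$out"
    else
        # Decompression failed: remove the scratch directory, report error.
        rm -rf "$(dirname "$out")"
        return 1
    fi
}
```

A caller would run the returned path with its original arguments, save the exit status, and then remove the scratch directory.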
