[6384] in bugtraq

/tmp issue with savetextmode

daemon@ATHENA.MIT.EDU (Mark A. Spencer)
Mon Mar 23 18:51:43 1998

Date: 	Mon, 23 Mar 1998 12:39:06 -0600
Reply-To: "Mark A. Spencer" <mspencer@ENG.AUBURN.EDU>
From: "Mark A. Spencer" <mspencer@ENG.AUBURN.EDU>
To: BUGTRAQ@NETSPACE.ORG

The "savetextmode" command (a script typically run by root) writes to
/tmp/textregs and /tmp/fontdata without any checks and will happily
clobber stuff.

Moreover, the programs which actually do the writing (restoretextmode and
restorefont) are sometimes setuid root on older Linux systems...

I have notified RedHat but have not yet heard a response (in 3 days) so I
felt it appropriate to post.

                                        -Mark
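
The following is an added example, not part of the original post and not the savetextmode script itself: it contrasts the fixed-name write pattern the post describes with a pre-flight check and a private-directory alternative. The function names, the `save_state` stand-in writer and the `savetext.XXXXXX` template are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post). save_state is a hypothetical stand-in
# for the programs that write the saved register and font data.
save_state() {
    printf 'saved %s\n' "$1" > "$2"
}

# Pattern from the post: fixed names in a shared directory, no checks.
# Whatever already sits at the name (file or symlink) is written through.
unsafe_save() {
    save_state textregs "$1/textregs"
    save_state fontdata "$1/fontdata"
}

# Pre-flight check: report fixed names that already exist or are symlinks.
# Returns 0 when every name is clear, 1 when any is occupied.
# This is a detection aid only; check-then-write is still racy.
check_targets() {
    rc=0
    for name in textregs fontdata; do
        if [ -L "$1/$name" ] || [ -e "$1/$name" ]; then
            echo "refusing: $1/$name already exists" >&2
            rc=1
        fi
    done
    return $rc
}

# Hardened save: mktemp -d atomically creates a new directory with an
# unpredictable name and mode 0700, so nothing can be pre-placed inside it.
# The directory path is printed so the restore step can find the files.
safe_save() {
    priv=$(umask 077; mktemp -d "$1/savetext.XXXXXX") || return 1
    save_state textregs "$priv/textregs" || return 1
    save_state fontdata "$priv/fontdata" || return 1
    printf '%s\n' "$priv"
}
```

For a script run by root, a directory only root can write to (rather than a shared one) removes the need for unpredictable names altogether.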
