[6512] in bugtraq
Re: MGE UPS Systems
daemon@ATHENA.MIT.EDU (Ryan Murray)
Mon Apr 13 22:11:19 1998
Mail-Followup-To: "Michael T. Shinn" <mike@shinn.net>, bugtraq@netspace.org
Date: Mon, 13 Apr 1998 17:29:48 -0700
Reply-To: Ryan Murray <rmurray@PC-42839.BC.ROGERS.WAVE.CA>
From: Ryan Murray <rmurray@PC-42839.BC.ROGERS.WAVE.CA>
X-To: "Michael T. Shinn" <mike@shinn.net>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <353252B5.DC27F53F@shinn.net>; from Michael T. Shinn on Mon,
Apr 13, 1998 at 02:00:21PM -0400
On Mon, Apr 13, 1998 at 02:00:21PM -0400, Michael T. Shinn wrote:
> > Next, the programs, when starting up, create lock files in /tmp:
> > COM_init.lock
> > MON_init.lock
> >
> > These files are created with mode 666, and ignore the current umask.
> >
> I don't have an MGE UPS to play with, but if it creates a file in /tmp
> of umask 666 it might follow a symlink. (ln -s /tmp/COM_init.lock
> /.rhosts) Thereby creating a root owned, but umask 666 /.rhosts file.
I just tested this (meant to before the original post...) and it appears that
it is at least smart enough to remove the symbolic link before creating the
lock file.
--
Ryan Murray (rmurray@lightspeed.bc.ca, rmurray@bcit.bc.ca)
BCIT Computer Resources, Academic Services Student Proctor
BCIT Computer Systems Technology Student: Data Communications Option
