[8478] in bugtraq


Re: XFree86 3.3.2's setup tool /tmp race

daemon@ATHENA.MIT.EDU (Steve Bellovin)
Tue Nov 10 14:47:33 1998

Date: 	Mon, 9 Nov 1998 12:29:06 -0500
Reply-To: Steve Bellovin <smb@RESEARCH.ATT.COM>
From: Steve Bellovin <smb@RESEARCH.ATT.COM>
X-To:         Adrian Voinea <root@DEATH.GDS.RO>
To: BUGTRAQ@NETSPACE.ORG

In message <Pine.LNX.4.03.9811081750370.13094-100000@Death.GdS.RO>, Adrian Voinea writes:
> Hello,
>
> XFree86 3.3.2's setup tool 'xf86config', when it runs 'X -probeonly
> -pn -xf86config /tmp/XF86Config.tmp' creates 2 files with mode 644 in
> /tmp, XF86Config.tmp and dumbconfig.2 and then erases them:
>

...

Etc.

Is this really a problem?  On my system, at least (BSD/OS 4.0),
xf86config isn't setuid, so there's only an issue if someone privileged
runs it.  (If that's not the case, then there's a deeper underlying
security problem.)  And xf86config is the sort of program that one
would run when a machine is being set up, not when it's open to general
users.
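
Added example (not part of this thread or of XFree86): the quoted report describes a fixed, world-readable name in /tmp that is created, written and removed. The C below shows the hardened form a setup tool would use instead, an unpredictable name created with O_EXCL and mode 0600, plus an audit helper that reports whether a given path can still be claimed exclusively. The function names and the "/tmp/xf86config.XXXXXX" template are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern from the report: fopen("/tmp/XF86Config.tmp", "w") on a fixed
 * name follows whatever already sits at that path, and a 644 mode lets any
 * local user read the contents while the file exists. The safe variant below
 * replaces both properties: unpredictable name, exclusive create, 0600. */

/* Create a private temp file. Returns an open fd (or -1) and copies the
 * generated path into name_out. (Hypothetical helper for this example.) */
int create_private_tmpfile(char *name_out, size_t name_len) {
    char tmpl[] = "/tmp/xf86config.XXXXXX";
    int fd = mkstemp(tmpl);              /* O_CREAT|O_EXCL|O_RDWR, unique name */
    if (fd < 0) return -1;
    /* Older mkstemp implementations used 0666 & ~umask; force owner-only. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) { close(fd); unlink(tmpl); return -1; }
    snprintf(name_out, name_len, "%s", tmpl);
    return fd;
}

/* Audit helper: 1 if the path can be claimed with O_CREAT|O_EXCL (the probe
 * file is removed again), 0 if something already exists there (EEXIST, e.g. a
 * pre-positioned file or symlink), -1 on any other error. */
int path_is_claimable(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd >= 0) { close(fd); unlink(path); return 1; }
    return errno == EEXIST ? 0 : -1;
}

/* 1 if the open file has no group/other permission bits, 0 if it does,
 * -1 if fstat fails. This is the check a 644 temp file would fail. */
int fd_is_private(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}
```

Whether the tool is setuid or run by root during setup, as the reply discusses, decides who is exposed; the exclusive-create and 0600 combination removes the race and the disclosure regardless.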
