[8658] in bugtraq
Re: RedHat 5.2 lrzsz-0.12.14-5 have serious security hole
daemon@ATHENA.MIT.EDU (Uwe Ohse)
Tue Dec 1 12:44:35 1998
Mail-Followup-To: Bugtraq List <BUGTRAQ@netspace.org>
Date: Tue, 1 Dec 1998 08:45:54 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Uwe Ohse <uwe@CSL-GMBH.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.981130221532.30073A-100000@killer.cracksoft.kiev.ua>; from Yuri Kuzmenko on Mon, Nov 30, 1998 at 10:16:21PM +0200
On Mon, Nov 30, 1998 at 10:16:21PM +0200, Yuri Kuzmenko wrote:
> lrz (Linux ZMODEM file receiver) from lrzsz package has a security hole
> with file permission.
>
> lrz creates the file with 0666 mode (world writable)
No, it doesn't. fopen() is not that buggy.
> File mode is set to normal (specified by other side) only after downloading.
correct.
> my umask is 022
I don't see a code path which doesn't honor your umask, and testing
shows that the files get created with (0666 & ~(umask)).
So what did you do? Can you tell me how to reproduce the behaviour
you have seen?
btw: I really like waking up and finding the name of software packages
I maintain (especially those I only maintain because nobody else did)
on bugtraq. It's going to be a beautiful day.
Next time just send me an email some time before you send it to bugtraq.
Thank you.
Regards, Uwe
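
The behaviour discussed in this thread, as an added C example (not part of the original message and not lrzsz code): it measures the mode a file gets from fopen() under a given umask, which is 0666 & ~umask. It also shows an assumed alternative that creates the file owner-only and applies the sender's mode with fchmod() once the transfer is done. The function names and the scratch path are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an open descriptor, or (mode_t)-1 on error. */
static mode_t perm_bits(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (st.st_mode & 0777) : (mode_t)-1;
}

/* Create `path` with fopen() under `mask` and report the resulting mode. */
mode_t fopen_mode(const char *path, mode_t mask) {
    mode_t old = umask(mask);
    FILE *f = fopen(path, "w");   /* asks for 0666, the kernel clears umask bits */
    mode_t got = f ? perm_bits(fileno(f)) : (mode_t)-1;
    if (f) fclose(f);
    unlink(path);
    umask(old);
    return got;
}

/* Assumed alternative: owner-only while receiving, sender's mode at the end. */
mode_t private_then_final(const char *p, mode_t mask, mode_t fin, mode_t *during) {
    mode_t old = umask(mask);
    mode_t got = (mode_t)-1;
    int fd = open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        *during = perm_bits(fd);            /* mode while data is being written */
        if (fchmod(fd, fin & 0777) == 0)    /* fchmod() is not affected by umask */
            got = perm_bits(fd);
        close(fd);
        unlink(p);
    }
    umask(old);
    return got;
}

int main(void) {
    char dir[] = "/tmp/lrz-demo-XXXXXX";    /* constructed scratch directory */
    char path[64];
    mode_t during = 0;
    if (!mkdtemp(dir)) return 1;
    snprintf(path, sizeof path, "%s/recv.bin", dir);
    printf("fopen, umask 022: %04o\n", (unsigned)fopen_mode(path, 022));
    printf("final: %04o\n", (unsigned)private_then_final(path, 022, 0644, &during));
    printf("during transfer: %04o\n", (unsigned)during);
    rmdir(dir);
    return 0;
}
```

With a umask of 000 the fopen() path does produce a 0666 file, so the outcome depends on the umask the receiving process actually runs with.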