[9837] in bugtraq
Re: Little exploit for startup scripts (SCO 5.0.4p).
daemon@ATHENA.MIT.EDU (=?iso-8859-1?q?Taneli_Lepp=E4?=)
Mon Mar 8 14:32:42 1999
Date: Mon, 8 Mar 1999 18:37:45 +0200
Reply-To: =?iso-8859-1?q?Taneli_Lepp=E4?= <rosmo@sektori.com>
From: =?iso-8859-1?q?Taneli_Lepp=E4?= <rosmo@SEKTORI.COM>
X-To: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990308084315.K8862@attic.vuurwerk.nl>
On Mon, 8 Mar 1999 08:43:15 +0100, Peter van Dijk wrote:
>No. rm -f removes just the symlink, not the target file.
Actually the script won't delete any script, instead
it will overwrite any file:
# S84rpcinit:
# ...
# /bin/su root -c "/bin/ps -ef" > /tmp/rpc$$ 2>/tmp/rpc.err$$
# /bin/rm -f /tmp/rpc.err$$
Now if /tmp/rpc$$ was symlinked to another file, it would
be overwritten with output from /bin/ps... right? :-)
Regards,
Taneli
--
| Taneli Lepp=E4 <rosmo@sektori.com>, <http://www.rosmo.sektori.com>
| GSM: +358505485242 - T=E4rkeimm=E4t uutiset: http://uutiset.icon.fi
