[15226] in bugtraq
Re: HP Security vulnerability in the man command
daemon@ATHENA.MIT.EDU (Philipp Buehler)
Tue Jun 6 16:22:11 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000606105631.A6039@pohl.fips.de>
Date: Tue, 6 Jun 2000 10:56:31 +0200
Reply-To: Philipp Buehler <lists@fips.de>
From: Philipp Buehler <lists@FIPS.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200006051748.e55HmWD19601@cvs.openbsd.org>; "Theo de Raadt" on
05.06.2000 @ 19:48:31 METDST
Theo de Raadt wrote To BUGTRAQ@SECURITYFOCUS.COM:
> > 0) HP *still* insists on NOT setting the sticky bit on world-writeable
> > temporary directories (/tmp and /var/tmp) on default installs of HPUX.
> If this is the case, then any temporary file which gets reopened is
> not safe. A *lot* of software does reopening by name.
Handling temporary files is broken in so many scripts .. e.g. I just
*wait* for the next broken Oracle installer for such a hole.
Other point. I have 2 "default" installed HP-UX 10.20 boxes and I
*have* the sticky bit set on /tmp which cures the problem by itself.
Well, the behaviour of `man' is not nice anyway.
Could the original poster elaborate on his "default" installation?
I could only think of installations which are no TCB HP-UX. I will
check the change logs, but I don't think the +t depends on that.
You *should* use TCB anyway on HP-UX, or how do you want to manage
"shadowed" passwords there properly?
Or do you really want to live with word readable hashed passwords?
ciao
--
Philipp Buehler, aka fIpS | sysfive.com GmbH i.G. | BOfH | NUCH | <double-p>
%SYSTEM-F-TOOEARLY, please contact your sysadmin at a sensible time.
Artificial Intelligence stands no chance against Natural Stupidity.
