[17579] in bugtraq
Re: StarOffice 5.2 Temporary Dir Vulnerability
daemon@ATHENA.MIT.EDU (Igor Falcomata')
Thu Nov 9 15:42:27 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20001108113545.H269@kppc.sikurezza.org>
Date: Wed, 8 Nov 2000 11:35:45 +0100
Reply-To: "Igor Falcomata'" <igor@INFOSEC.IT>
From: "Igor Falcomata'" <igor@INFOSEC.IT>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001108153353.B11281@diffie.it.murdoch.edu.au>; from
christian@IT.MURDOCH.EDU.AU on Wed, Nov 08,
2000 at 03:33:53PM +0800
On Wed, Nov 08, 2000 at 03:33:53PM +0800, Christian wrote:
> Hi,
>
> A while back I noticed that StarOffice 5.2 (running under Linux and
> Solaris) creates a temporary directory under /tmp with the name
> "soffice.tmp" with permissions 0777. I figured there had to be some
a real quick workaround is to make (as root) a "fixed" /tmp/soffice.tmp 777
+t dir.
drwxrwxrwt 2 root root 1024 Nov 9 11:39 soffice.tmp
Note that files created by SO in this dir are still readable (but not
writable) by other users, so change the $TMP var is probabily better.
bye
Koba
--
Igor Falcomata'
IT Security Manager & Consultant
Infosec srl - www.infosec.it
Network Security and Data Defense
--
free advertising: www.openbsd.org - Multiplatform Ultra-secure OS
