[18192] in bugtraq
Re: Solaris patchadd(1) (3) symlink vulnerabilty
daemon@ATHENA.MIT.EDU (Paul Szabo)
Tue Dec 19 18:14:21 2000
Message-ID: <200012190800.TAA05385@milan.maths.usyd.edu.au>
Date: Tue, 19 Dec 2000 19:00:20 +1100
Reply-To: Paul Szabo <psz@MATHS.USYD.EDU.AU>
From: Paul Szabo <psz@MATHS.USYD.EDU.AU>
X-To: jfortin@REVELEX.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Jonathan Fortin <jfortin@REVELEX.COM> wrote:
> When patchadd is executed, It creates a temporary file called
> "/tmp/sh<pidofpatchadd>.1" , "/tmp/sh<pidofpatchadd>.2 ,
> "/tmp/sh<pidofpatchadd>.3 and assigns them mode 666 ...
I guess that patchadd is a "sh" script using the "<<" construct, this
being an instance of the bug I reported recently:
http://www.securityfocus.com/templates/archive.pike?list=1&msg=200011230225.NAA19716@milan.maths.usyd.edu.au
This is essentially the same as the tcsh bug fixed recently in other OSs.
Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
