[1884] in bugtraq
OpenWindows 3 possible security problem?
daemon@ATHENA.MIT.EDU (Scott Barman)
Mon May 22 17:47:39 1995
Date: Mon, 22 May 1995 15:04:42 -0400 (EDT)
From: Scott Barman <scott@Disclosure.COM>
To: bugtraq@fc.net
While poking around the system (SPARC Classic running SunOS 4.1.3_U1)
looking for a lost file, I stumbled across a couple of files that looked
interesting:
-rw-rw-rw- 1 scott 20 May 19 14:12 /tmp/ttyselection
-rw-rw-rw- 1 scott 74 May 19 14:12 /tmp/winselection
Both happen to look like the cut buffers from a shelltool or commandtool
window. Both contain text that look familiar in this regard.
My problem with this is the file permissions. Readable and writeable to
the world?! Even if I remove them and I do some cut-and-paste, they
are recreated with the same modes. This is strange since my umask is
set to 027!
This means that whatever I cut and paste, even if it's to a "secure"
file (read-write by me only), the whole world can read it!
Is this an error in the installation of the ow? Or is this a bug in
general?
scott barman
scott@disclosure.com
DISCLAIMER: I will talk to anyone who will listen, but I only speak for myself.
