[2112] in bugtraq
Re: BUGTRAQ ALERT: Solaris 2.x vulnerability
daemon@ATHENA.MIT.EDU (Nathan Lawson)
Wed Aug 16 13:13:40 1995
Date: Wed, 16 Aug 1995 01:42:36 -0700
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Nathan Lawson <nlawson@statler.csc.calpoly.edu>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <Pine.SUN.3.90.950815190543.11643A-100000@dfw.net> from "Aleph
One" at Aug 15, 95 07:06:48 pm
Aleph1 said:
> Well while we taling about SysV ps IRIX's its sgid to sys, writes
> to /tmp/.ps_data and /tmp/.ps_XXXXXX but /tmp was the sticky bit on.
The /tmp/.psXXXXXX is open to a race. The directory is safe as long as it
isn't world writable.
-Nate
