[9776] in Athena Bugs


decmips 7.4G: zctl

daemon@ATHENA.MIT.EDU (Richard J. Barbalace)
Wed Aug 12 00:45:44 1992

To: bugs@Athena.MIT.EDU
Date: Wed, 12 Aug 92 00:45:30 EDT
From: Richard J. Barbalace <rjbarbal@Athena.MIT.EDU>

System name:		hodge
Type and version:	KN01 7.4G (1 update(s) to same version)
Display type:		PMAX-MFB

What were you trying to do?

% fs la ~
Access list for /afs/athena.mit.edu/user/r/j/rjbarbal is
Normal rights:
  system:expunge ld
  system:authuser rl
  rjbarbal rlidwka
% ln -s Private/.zephyr.subs .zephyr.subs
% ls -l .zephyr.subs
lrwxr-xr-x  1 rjbarbal     20 Aug 11 23:58 .zephyr.subs -> Private/.zephyr.subs
% zctl add foo bar
% ls -l .zephyr.subs
-rw-------  1 rjbarbal   2365 Aug 11 23:57 .zephyr.subs

What's wrong:
zctl removes the symlink from .zephyr.subs to Private/.zephyr.subs.
THIS IS A GAPING SECURITY HOLE!!!
Anyone who has a world-readable top directory and who subscribes to private
zephyr classes can get seriously screwed if they forget to move and re-link
.zephyr.subs every time they change their subscriptions.

What should have happened:
zctl should follow the symlink and alter that file, not simply remove
the link and place the changed .zephyr.subs file in the top directory.

Please describe any relevant documentation references:
The manual page does not mention that .zephyr.subs is removed and
rewritten, causing symlinks to be destroyed.
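
Added example, not part of the original report and not zctl's code: one way a rewrite step can follow the link as the report asks, resolving the symlink and replacing the file it points to from a temp file created beside that file. The names save_following_link and demo_link_survives, the scratch directory and the subscription line are constructed for illustration.

```c
/* Added illustration, not Zephyr source; function names are hypothetical. */
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Rewrite path with data. If path is a symlink, the file it points to is
 * replaced and the link itself stays in place. Returns 0 on success. */
int save_following_link(const char *path, const char *data)
{
    char target[PATH_MAX], tmp[PATH_MAX + 8];
    size_t len = strlen(data);
    int fd, ok;

    if (realpath(path, target) == NULL)   /* resolved file must exist */
        return -1;
    /* Temp file beside the resolved target, so the new contents never sit
     * in the readable top directory; mkstemp creates it mode 0600. */
    snprintf(tmp, sizeof tmp, "%s.XXXXXX", target);
    if ((fd = mkstemp(tmp)) < 0)
        return -1;
    ok = write(fd, data, len) == (ssize_t)len && fsync(fd) == 0;
    ok = (close(fd) == 0) && ok;
    /* rename() swaps in the resolved target atomically, never path itself. */
    if (!ok || rename(tmp, target) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Constructed check in a scratch directory: 1 if the link survived. */
int demo_link_survives(void)
{
    char dir[] = "/tmp/subsXXXXXX";
    struct stat l, t;
    FILE *f;

    if (!mkdtemp(dir) || chdir(dir) || mkdir("Private", 0700)
        || !(f = fopen("Private/.zephyr.subs", "w")))
        return -1;
    fclose(f);
    if (symlink("Private/.zephyr.subs", ".zephyr.subs")
        || save_following_link(".zephyr.subs", "foo,bar,*\n"))
        return -1;
    return lstat(".zephyr.subs", &l) == 0 && S_ISLNK(l.st_mode)
        && stat("Private/.zephyr.subs", &t) == 0 && t.st_size == 10;
}
```

A dangling link makes realpath() fail here, so a caller has to decide separately what to do when the target does not exist yet.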

