Bugtraq mailing list archives

Re: pinelock.csh exploit


From: jbourne () ISLAND NET (Jim Bourne)
Date: Sat, 6 Dec 1997 11:17:48 -0800


On Tue, 2 Dec 1997, Roger Harrison ? wrote:

        There was something a while ago on bugtraq about pinelock
files and how they were mode 666.  This program I wrote takes this idea
and brings it a step further into an easy way to show why this is a
problem.  My program <pinelock.csh> allows you to log off a user or kill
one of their processes IF they open up a second session of pine.  It
isn't terribly useful, except for annoying a user.  However, if root opens
up two sessions of pine, I can think of some interesting processes and
daemons which might be killed.  Copies of this program will be stored
at http://kepler.poly.edu/~rharri01/.  Click on files and
then click on pinelock.csh. Have fun!

Not sure if this is the right thing to do, or if it will cause problems with
other parts of pine but there is a quick fix.

bash# diff env_unix.c~ env_unix.c
49c49
< static long lock_protection = 0666;
---
static long lock_protection = 0600;
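Review bot: the new value 0600 at line 49 of env_unix.c goes in without a comment, and the post itself is unsure whether other parts of pine depend on the old mode. Suggest a short comment beside `static long lock_protection = 0600;` stating that the lock file is deliberately owner-only, plus a check of every place that uses lock_protection, since any code that opens the lock under a different non-root uid will fail with this value. As a static initialiser it only affects lock files created by the rebuilt binary, so it is worth noting that existing mode 666 lock files stay as they are until removed.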

This file can be found in imap/c-client under the source tree of pine-3.96
and leaves the lock file mode 600:
-rw-------   1 jbourne   users           4 Dec  6 11:16 .2.21200505


IMHO opening/leaving any file on the file system mode 666 is a bad idea, esp.
if it's in a directory that has public write permissions.

Regards,
James Bourne


                        -Iconoclast
                        iconoclast () thepentagon com
--
James Bourne           |            E-Mail:             jbourne () island net
System Administrator   |            WWW:             http://www.island.net
Island Internet Inc.   |            Linux - The choice of a GNU generation
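
Added example, not part of the original post and not code from pine or c-client: one way to create a lock file that ends up mode 600 regardless of umask, plus a check for lock files left group- or world-writable. The names create_private_lock, lock_is_exposed and LOCK_MODE and the scratch path are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp, fchmod, lstat, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define LOCK_MODE 0600   /* hypothetical name; same value as the fix in the post */

/* Create the lock at `path`; return an fd, or -1 if it cannot be made safely. */
int create_private_lock(const char *path)
{
    struct stat st;
    /* O_EXCL: refuse a pre-existing file; O_NOFOLLOW: never follow a symlink */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, LOCK_MODE);
    if (fd < 0) return -1;
    /* fchmod acts on the descriptor, so the final mode ignores the umask */
    if (fchmod(fd, LOCK_MODE) != 0 || fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) || st.st_uid != geteuid() || st.st_nlink != 1 ||
        (st.st_mode & 0777) != LOCK_MODE) {
        close(fd);
        unlink(path);    /* we created it (O_EXCL), so removing it is safe */
        return -1;
    }
    return fd;
}

/* Audit: 1 if the file is writable by group or others, 0 if not, -1 on error. */
int lock_is_exposed(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? 1 : 0;
}

int main(void)
{
    char dir[] = "/tmp/lockdemoXXXXXX";   /* constructed scratch directory */
    char path[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(path, sizeof path, "%s/.demo.lock", dir);
    int fd = create_private_lock(path);
    printf("created=%d exposed=%d\n", fd >= 0, lock_is_exposed(path));
    if (fd >= 0) { close(fd); unlink(path); }
    rmdir(dir);
    return 0;
}
```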


