Bugtraq mailing list archives

Environment variables (SECURITY: too many new packages)

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 1 Jul 1998 00:42:10 +2500


Bugtraq readers who haven't been following the Linux security audit
project (from whence most of the Red Hat fixes came - and other vendors
will I assume be issuing identical updates) might like to take a look
at how their own OS handles pointing the following at files only root
can read and running setuid apps. (or setgid usage in some cases such as
Mutt)
        TZ
        TERMINFO
        TERMCAP

There are lots of files which when read do 'interesting' things, and termcap
in paticular is fun because it tends to read the entire floppy/tape/memory
etc before it gives up.

This raises another related question. Has anyone ever tried to build the
complete list of environment influenced file opens in not just libc but
all the supporting libraries in unix systems ?


A PS item btw: 2.0.35pre3 fixes the bug reported with SIGIO, and it should
be out as 2.0.35 proper RSN - 2.0.35pre3 is a release candidate. We hadn't
planned on a 2.0.35 release quite that soon but such is life.

Alan

Current thread:

Re: patch for qpopper remote exploit bug Steven Winikoff (Jun 28)
- <Possible follow-ups>
- Re: patch for qpopper remote exploit bug Ben Laurie (Jun 28)
- Re: patch for qpopper remote exploit bug Johan Danielsson (Jun 28)
- Re: patch for qpopper remote exploit bug Steven Winikoff (Jun 29)
- Re: patch for qpopper remote exploit bug Kev (Jun 29)
  - Re: patch for qpopper remote exploit bug David DeSimone (Jun 30)
  - SECURITY: too many new packages twiztah (Jun 30)
    - Environment variables (SECURITY: too many new packages) Alan Cox (Jun 29)
    - Qualcomm's qpopper 2.5 Aleph One (Jun 30)