Bugtraq mailing list archives
Re: *sigh* another RH5 /tmp problem
From: ewt () REDHAT COM (Erik Troan)
Date: Tue, 10 Mar 1998 09:22:15 -0500
On Mon, 9 Mar 1998, Mark A. Spencer wrote:
RedHat 5, when using dhcp to configure the interface calls a script called "ifdhcpc-done" to be executed after a dhcp interface is configured. At the end of the process it updates resolv.conf: if [ -f /etc/dhcpc/resolv.conf ]; then echo "setting up resolv.conf" >> /tmp/dhcplog cp /etc/dhcpc/resolv.conf /etc fi There is no protection against the dhcplog file being a symbolic link, clobbering, blah de blah de blah... (it seems pretty useless to maintain it too, since this is the only message that ever seems to appear in the log).
This was an oversight on my fault. /tmp/dhcplog was a log file I was using when originally implementing dhcp support in our scripts. I've fixed this, and I'll have the update (initscripts-3.32) on our ftp site today. Thanks for pointing this out Mark. Erik ------------------------------------------------------------------------------- | "For the next two hours, VH1 will be filled with foul-mouthed, | | crossdressing Australians. Viewer discretion is advised." | | | | Linux Application Development -- http://www.redhat.com/~johnsonm/lad |
Current thread:
- Re: another /tmp race: `perl -e' opens temp file not safely, (continued)
- Re: another /tmp race: `perl -e' opens temp file not safely Theo de Raadt (Mar 07)
- Re: another /tmp race: `perl -e' opens temp file not safely stanislav shalunov (Mar 07)
- Re: another /tmp race: `perl -e' opens temp file not safely Theo de Raadt (Mar 07)
- Re: another /tmp race: `perl -e' opens temp file not safely stanislav shalunov (Mar 08)
- Re: another /tmp race: `perl -e' opens temp file not safely Theo de Raadt (Mar 08)
- r00t Advisory [ LitterMaid Race Condition ] X (Mar 07)
- Re: another /tmp race: `perl -e' opens temp file not safely stanislav shalunov (Mar 08)
- Re: another /tmp race: `perl -e' opens temp file not safely Theo de Raadt (Mar 08)
- Updated list of crypto and security courses Avi Rubin (Mar 09)
- *sigh* another RH5 /tmp problem Mark A. Spencer (Mar 09)
- Re: *sigh* another RH5 /tmp problem Erik Troan (Mar 10)
- Re: Linux libc5 'bug' in mkstemp(). Andreas Jaeger (Mar 10)
- Re: another /tmp race: `perl -e' opens temp file not safely stanislav shalunov (Mar 07)
- Linux libc5 'bug' in mkstemp(). Greg Alexander (Mar 09)
- Re: Linux libc5 'bug' in mkstemp(). Casper Dik (Mar 10)
- Re: another /tmp race: `perl -e' opens temp file not safely Theo de Raadt (Mar 07)
- Re: Plaintext passwords in Chase Online Banking dorqus maximus (Mar 08)