Bugtraq mailing list archives
Re: X11R6 NetBSD Security Problem
From: kvajk () RICOCHET NET (Kevin Vajk)
Date: Sun, 28 Mar 1999 19:01:41 -0800
This patch looks pretty good. (Much better than the current situatiuon!!!) A few comments: On Fri, 26 Mar 1999, Matthieu Herrb wrote:
+ if (errno == EEXIST) { + if (stat(path, &buf) != 0) {
This should be lstat().
+ if (S_ISDIR(buf.st_mode) && ((buf.st_mode & ~S_IFMT) == mode)) { + return 0; + } + }
I think you'll want to check the owner of the directory, too. - Kevin Vajk <kvajk () ricochet net>
Current thread:
- Re: X11R6 NetBSD Security Problem, (continued)
- Re: X11R6 NetBSD Security Problem in.telnetd (Mar 21)
- Re: X11R6 NetBSD Security Problem Petras Sinkevicius (Mar 26)
- FrontPage + Apache + FreeBSD Gregory A. Carter (Mar 22)
- ANNOUNCE: New Security Tool: HostSentry 0.02 Alpha Craig H. Rowland (Mar 25)
- Re: FrontPage + Apache + FreeBSD Roberto Grassi (Mar 26)
- Re: FrontPage + Apache + FreeBSD Gregory A. Carter (Mar 26)
- abuse of nickserv Nelson Little (Mar 23)
- Linux 2.2.3 patch to prevent FIN/NULL/XMAS scans Taral (Mar 24)
- not only NetBSD [was Re: X11R6 NetBSD Security Problem] Pavel Machek (Mar 26)
- Re: X11R6 NetBSD Security Problem Matthieu Herrb (Mar 26)
- Re: X11R6 NetBSD Security Problem Kevin Vajk (Mar 28)
- wu-ftp 2.4.2 (release VR16) /bin/ftponly [ (Mar 27)
- SuSE Security Announcement - XFree86 Marc Heuse (Mar 28)
- Re: X11R6 NetBSD Security Problem /usr/libexec/telnetd (Mar 25)
- Re: X11R6 NetBSD Security Problem in.telnetd (Mar 21)