Bugtraq mailing list archives

Re: X11R6 NetBSD Security Problem

From: kvajk () RICOCHET NET (Kevin Vajk)
Date: Sun, 28 Mar 1999 19:01:41 -0800


This patch looks pretty good.  (Much better than the current situatiuon!!!)

A few comments:

On Fri, 26 Mar 1999, Matthieu Herrb wrote:

+    if (errno == EEXIST) {
+     if (stat(path, &buf) != 0) {


This should be lstat().

+     if (S_ISDIR(buf.st_mode) && ((buf.st_mode & ~S_IFMT) == mode)) {
+         return 0;
+     }
+    }


I think you'll want to check the owner of the directory, too.

- Kevin Vajk
  <kvajk () ricochet net>

Current thread:

Re: X11R6 NetBSD Security Problem, (continued)
- Re: X11R6 NetBSD Security Problem in.telnetd (Mar 21)
  - Re: X11R6 NetBSD Security Problem Petras Sinkevicius (Mar 26)
- FrontPage + Apache + FreeBSD Gregory A. Carter (Mar 22)
  - ANNOUNCE: New Security Tool: HostSentry 0.02 Alpha Craig H. Rowland (Mar 25)
  - Re: FrontPage + Apache + FreeBSD Roberto Grassi (Mar 26)
    - Re: FrontPage + Apache + FreeBSD Gregory A. Carter (Mar 26)
- abuse of nickserv Nelson Little (Mar 23)
- Linux 2.2.3 patch to prevent FIN/NULL/XMAS scans Taral (Mar 24)
- not only NetBSD [was Re: X11R6 NetBSD Security Problem] Pavel Machek (Mar 26)
- Re: X11R6 NetBSD Security Problem Matthieu Herrb (Mar 26)
  - Re: X11R6 NetBSD Security Problem Kevin Vajk (Mar 28)
- wu-ftp 2.4.2 (release VR16) /bin/ftponly [ (Mar 27)
- SuSE Security Announcement - XFree86 Marc Heuse (Mar 28)
- Re: X11R6 NetBSD Security Problem /usr/libexec/telnetd (Mar 25)