Bugtraq mailing list archives
Re: Solaris patchadd(1) (3) symlink vulnerabilty
From: Paul Szabo <psz () MATHS USYD EDU AU>
Date: Sat, 23 Dec 2000 07:17:26 +1100
Darren Moffat <Darren.Moffat () ENG SUN COM> wrote:

> Since patchadd is a script the bug is pretty easy to fix... So here is a set of diffs to patchadd for those that really can't wait. [ replaces /tmp by a safe ${WORKDIR} ]

Wow! That was quick. However you seem to have missed the "cat << EOF" constructs, which I believe were the subject of the original report:

Jonathan Fortin <jfortin () REVELEX COM> wrote:

> When patchadd is executed, it creates a temporary file called "/tmp/sh<pidofpatchadd>.1", "/tmp/sh<pidofpatchadd>.2", "/tmp/sh<pidofpatchadd>.3" and assigns them mode 666 ...

That is a bug in the ksh you are using: do not use "here documents" until you fix the ksh. Need to check/fix all rootly ksh and sh scripts.

Paul Szabo - psz () maths usyd edu au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
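A starting point for the script check the message calls for, as an added example that is not part of the original post or of Sun's diffs: it lists sh/ksh scripts that use here-documents or literal /tmp paths. The function names and the sample scripts are constructed for illustration, and the matching is a line-based heuristic, so each hit is a pointer for manual review.

```shell
#!/bin/sh
# Added example: audit sh/ksh scripts for here-documents and literal /tmp paths.
# Line-based heuristic; it does not parse shell grammar.

# is_shell_script FILE: succeeds when the #! line names sh or ksh.
is_shell_script() {
    head -n 1 "$1" 2>/dev/null |
        grep -Eq '^#!.*(/|[[:space:]])(sh|ksh)([[:space:]]|$)'
}

# audit_file FILE: print "FILE:LINE:KIND:TEXT" for each suspicious line.
audit_file() {
    awk -v f="$1" '
        /^[ \t]*#/ { next }    # skip comments and the #! line
        # "<<" or "<<-" before a delimiter word; not "<<<", not "1 << 3"
        /(^|[^<])<<-?[ \t]*[^< \t=0-9]/ { printf "%s:%d:heredoc:%s\n", f, NR, $0 }
        # literal /tmp as a path component (ignores /var/tmp and /tmpfoo)
        /(^|[^A-Za-z0-9_.])\/tmp([^A-Za-z0-9_]|$)/ { printf "%s:%d:tmp-path:%s\n", f, NR, $0 }
    ' "$1"
}

# audit_tree DIR: audit every sh/ksh script found under DIR.
audit_tree() {
    find "$1" -type f 2>/dev/null | while IFS= read -r file; do
        if is_shell_script "$file"; then audit_file "$file"; fi
    done
}

# make_sample_tree: write constructed sample scripts into a private
# directory created with mktemp -d, and print the directory path.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/ksh' 'cat << EOF > /etc/sample.conf' 'key=value' 'EOF' \
        'sort data > /tmp/sorted.$$' > "$dir/install.ksh"
    printf '%s\n' '#!/bin/sh' 'WORKDIR=$(mktemp -d) || exit 1' \
        'echo $((1 << 3)) > "$WORKDIR/out"' > "$dir/safe.sh"
    printf '%s\n' '#!/usr/bin/perl' 'print <<EOF;' 'EOF' > "$dir/other.pl"
    printf '%s\n' "$dir"
}

# Demo run on the constructed samples: only install.ksh is reported.
sample=$(make_sample_tree) && audit_tree "$sample"
if [ -n "$sample" ]; then rm -rf "$sample"; fi
```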