Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: aaa_base still vulnerable after upgrade

From: vonbrand () SLEIPNIR VALPARAISO CL (Horst von Brand)
Date: Mon, 1 May 2000 10:57:48 -0400

Marc Heuse <marc () SUSE DE> said:

[...]


touch "/tmp/x /etc/rc.config"



btw have you ever tried out this command? It won't work. A filename is not
allowed to have a slash in it's name ...


True. But spaces are legal... this is file etc/rc.config inside directory
"x " inside /tmp

Note that Red Hat duistributes a binary called tmpwatch (written by them
and GPL) which safely deletes /tmp entries. Quite old, AFAIKT.

--
Horst von Brand                             vonbrand () sleipnir valparaiso cl
Casilla 9G, ViƱa del Mar, Chile                               +56 32 672616
Previous By Date Next
Previous By Thread Next

Current thread: