At Wed, 18 Apr 2001 18:05:49 +0200 , Paul Starzetz <[EMAIL PROTECTED]> wrote:
>There is a symlink vulnerability in the vmware-mount.pl script which comes
>with the latest VMware.
>While mounting virtual disk drives using the vmware-mount.pl script, a
>temporary file named vmware-mount.pl.PID where PID is the current pid of
>the command will be created in an insecure manner.
VMWare likes to have a good, safe TMPDIR variable set:

    $ grep TMP vmware-mount.pl
    return defined($ENV{TMPDIR}) ? $ENV{TMPDIR} : "/tmp";

This is a simple variation on an old theme. Make sure you have safe
TMP and TMPDIR variables set at all times. If you want a set of scripts
for safely creating such dirs and setting env vars at login time, see
my TMPDIR scripts at http://www.tux.org/~peterw/
These will also be included with the soon-to-be-released Bastille 1.2.0.
-Peter
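
The advice above (never let TMPDIR fall back to a shared /tmp) can be checked and enforced at login with a few lines of shell. This is an added example, not part of the original message and not the TMPDIR scripts or Bastille code it mentions; the function names is_safe_tmpdir and setup_private_tmpdir are hypothetical.

```shell
# Added example; function names are hypothetical.
# is_safe_tmpdir DIR: true only if DIR is a real directory (not a symlink),
# owned by the current user, with no group/other permission bits.
is_safe_tmpdir() {
    _d=$1
    [ -n "$_d" ] || return 1
    [ ! -L "$_d" ] || return 1     # a symlink could point anywhere
    [ -d "$_d" ] || return 1
    [ -O "$_d" ] || return 1       # must be ours, not another user's
    _p=$(ls -ld "$_d" | cut -c1-10)
    case $_p in
        d???------) return 0 ;;    # e.g. drwx------
        *)          return 1 ;;    # group/other access, or sticky shared dir
    esac
}

# setup_private_tmpdir [BASE]: keep TMPDIR if it is already safe, otherwise
# create a fresh mode-0700 directory with an unpredictable name under BASE.
setup_private_tmpdir() {
    _b=${1:-/tmp}
    if ! is_safe_tmpdir "${TMPDIR:-}"; then
        # mktemp -d fails rather than reusing a name someone planted first
        TMPDIR=$(mktemp -d "$_b/tmpdir.XXXXXX") || return 1
    fi
    TMP=$TMPDIR
    export TMP TMPDIR
}
```

Calling setup_private_tmpdir from a login profile means a script that builds its temp file name from $TMPDIR and its PID writes into a directory other local users cannot pre-populate.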