PPP-off command uses /tmp insecurely ------------------------------------------------------------------------ SUMMARY Slackware Linux's ppp-off command uses /tmp insecurely by writing ps output to /tmp/grep.tmp, allowing an unprivileged user to overwrite any file as root, by simply linking the file to anything else. DETAILS In Slackware Linux the script /usr/bin/ppp-off writes the output of 'ps x' to /tmp/grep.tmp. Since root is the user that runs ppp-off, a non-privileged user could create a link from /tmp/grep.tmp to any file (i.e.: /etc/issue), thus when root runs the ppp-off script, the output of 'ps x' would be put in the linked file destroying the linked file. Workaround: The fix would be to replace every instance of /tmp/grep.tmp in the ppp-off script to something along the line of /root/grep.tmp. -- Eko Sulistiono MIKRODATA & AntiVirus Media Web: http://www.mikrodata.co.id/ WAP: http://www.mikrodata.co.id/wap/index.wml This message contains no viruses. Guaranteed by AVP. ------------------------------------------------------------------------ Forum Komunikasi Penulis-Pembaca MIKRODATA (FKPPM) Informasi : http:[EMAIL PROTECTED] Arsip : http://www.mail-archive.com/forum%40mikrodata.co.id/ WAP : http://mikrodata.co.id/wap/index.wml Milis ini menjadi kontribusi beberapa rubrik yang diasuh tim MIKRODATA. Termasuk rubrik-rubrik yang ada di media lain. Memakai, Menyebarluaskan, dan Memperbanyak software bajakan adalah tindakan kriminal. Please check with the latest AVP update before you ask about virus: ftp://mikrodata.co.id/avirus_&_security/AntiViral_Toolkit_Pro/avp30.zip
