From owner-freebsd-security Tue Sep 8 14:51:30 1998
From: Niall Smart
Message-Id: <199809082145.WAA00732@indigo.ie>
Date: Tue, 8 Sep 1998 22:45:00 +0000
Reply-To: rotel@indigo.ie
To: Nicholas Charles Brawn, freebsd-security@FreeBSD.ORG
Subject: Re: Symlinks again...

On Apr 23, 4:09pm, Nicholas Charles Brawn wrote:
} Subject: Symlinks again...
> Another symlink problem.
>
> The script /usr/libexec/locate.updatedb and /usr/libexec/locate.mklocatedb
> create predictable filenames in /tmp. Example attack is shown below.

Bah, I sent in patches for this ages ago (6, 7 months?) in a PR,
obviously everyone's too busy to care about security.

Niall

--
Niall Smart, rotel@indigo.ie.
Amaze your friends and annoy your enemies:
echo '#define if(x) if (!(x))' >> /usr/include/stdio.h
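The predictable-filename problem named in the quoted report, shown next to the usual hardened pattern. This is an added example, not code from the thread, from the PR mentioned above, or from the FreeBSD locate scripts; the file name `locate.list.$$`, the sandbox layout and all contents are constructed stand-ins.

```sh
#!/bin/sh
# Added illustration; every name, path and value here is constructed.

# Unsafe pattern: fixed prefix plus PID gives a name other local users can
# predict, and '>' follows a symlink that already exists at that name.
unsafe_tmp_write() {            # $1 = directory standing in for /tmp, $2 = data
    f="$1/locate.list.$$"       # hypothetical name, not taken from the scripts
    echo "$2" > "$f"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the file
# exclusively (fails if the name exists) with mode 0600.
safe_tmp_write() {
    f=$(mktemp "$1/locate.list.XXXXXXXXXX") || return 1
    echo "$2" > "$f"
    echo "$f"
}

# Exercise both patterns inside a private sandbox directory.
# Prints "unsafe=<state> safe=<state>" for the file the existing link points to.
demo() {
    sandbox=$(mktemp -d "${TMPDIR:-/tmp}/symdemo.XXXXXXXXXX") || return 1
    mkdir "$sandbox/tmp"
    echo "original" > "$sandbox/target"
    ln -s "$sandbox/target" "$sandbox/tmp/locate.list.$$"   # link already in place

    unsafe_tmp_write "$sandbox/tmp" "scratch data"
    [ "$(cat "$sandbox/target")" = "original" ] && u=intact || u=clobbered

    echo "original" > "$sandbox/target"                      # reset the target
    created=$(safe_tmp_write "$sandbox/tmp" "scratch data") || return 1
    [ "$(cat "$sandbox/target")" = "original" ] && [ ! -L "$created" ] \
        && s=intact || s=clobbered

    rm -rf "$sandbox"
    echo "unsafe=$u safe=$s"
}

demo
```

When a script needs several scratch files, creating one private directory with `mktemp -d` and placing them all inside it gives the same protection.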