From owner-freebsd-questions Tue May 18 14:45:55 1999 Delivered-To: freebsd-questions@freebsd.org Received: from Argon.Mlink.NET (Argon.Mlink.NET [205.236.182.18]) by hub.freebsd.org (Postfix) with ESMTP id D762314D9A for ; Tue, 18 May 1999 14:45:52 -0700 (PDT) (envelope-from matt@Mlink.NET) Received: from ns-1.ccia.cc (matt@ns-1.ccia.cc [209.104.81.126]) by Argon.Mlink.NET (8.8.8/8.8.2) with ESMTP id RAA15157 for ; Tue, 18 May 1999 17:43:50 -0400 (EDT) Date: Tue, 18 May 1999 17:45:40 -0400 (EDT) From: matt X-Sender: matt@ns-1.ccia.cc To: FreeBSD-QUESTIONS Subject: Wordperfect 8 Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG [NOTE: I know this is not FreeBSD specific, but with all the questions and concerns raised about WP8 on FreeBSD, I thought I might prevent some poor user getting screwed by someone setting up a race and overwriting some files.] As most of us know, there is a security problem with WP8 making a chmod 777 dir in /tmp and blindly following any symlinks in that subdir.. I've created a CHEAP and DIRTY work around. This will make it so that only ONE user can use Wordperfect though, to me it makes no difference.. To some, they might care.. But this is that I did.... I started wordperfect once.. it made the dir /tmp/wpc-ns-1.ccia.cc, I moved /tmp/wpc-ns-1.ccia.cc to /usr/local/lib/corel (my install path for wordperfect) then I made a symlink from /usr/local/lib/corel/wpc-ns-1.ccia.cc to /tmp/wpc-ns-1.ccia.cc. Then, I did a chmod 700 /usr/local/lib/corel so no one could access it. While this is dirty and restricts WP to being ran as root only (or whatever user you make the symlink and/or own /usr/local/lib/corel to. It's much better then having an open dir in /tmp with a program that will follow symlinks. here's how it looks on my system.. root[ns-1]:/tmp# ls -l wpc-ns-1.ccia.cc lrwxr-xr-x 1 root wheel 37 May 17 15:20 wpc-ns-1.ccia.cc@ -> /usr/local/lib/corel/wpc-ns-1.ccia.cc root[ns-1]:/usr/local/lib# ls -l |grep corel drwx------ 10 root wheel 512 May 17 15:20 corel/ root[ns-1]:/usr/local/lib/corel# ls -l total 10 drwx------ 2 root wheel 512 May 17 15:18 shbin10/ drwxrwxrwx 3 root wheel 3072 May 17 15:18 shlib10/ drwx------ 2 root wheel 512 May 17 15:18 wpbin/ drwxrwxrwx 2 root wheel 512 May 18 17:35 wpc-ns-1.ccia.cc/ drwxr-xr-x 2 root wheel 512 May 17 15:18 wpexpdocs/ drwxr-xr-x 2 root wheel 512 May 17 15:18 wpgraphics/ drwxrwxrwx 2 root wheel 512 May 17 15:18 wplib/ drwxr-xr-x 2 root wheel 512 May 17 15:18 wpmacros/ Now, it's completely restrictred to root. and no bad users can make symlinks that root will follow.. for instance.. root[ns-1]:/tmp# su matt matt[ns-1]:/tmp> ls screens/ wpc-ns-1.ccia.cc@ matt[ns-1]:/tmp> cd wpc-ns-1.ccia.cc wpc-ns-1.ccia.cc: Permission denied. matt[ns-1]:/tmp> cd /usr/local/lib/corel /usr/local/lib/corel: Permission denied. I know this is cheap, dirty, but effective.. If WP8 didn't follow symlinks blindly, we wouldn't have this problem in the first place..But since it does follow them blindly, this fix works nicely =) -- Mail: matt@mlink.net && matt@ccia.cc @IRC: irc.idirect.ca && mlink.ca.relic.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message