Date: Tue, 18 May 1999 17:45:40 -0400 (EDT)
From: matt <matt@Mlink.NET>
To: FreeBSD-QUESTIONS <questions@FreeBSD.ORG>
Subject: Wordperfect 8
Message-ID: <Pine.BSF.4.10.9905181736270.6597-100000@ns-1.ccia.cc>
[NOTE: I know this is not FreeBSD specific, but with all the questions and concerns raised about WP8 on FreeBSD, I thought I might prevent some poor user getting screwed by someone setting up a race and overwriting some files.]

As most of us know, there is a security problem with WP8 making a chmod 777 dir in /tmp and blindly following any symlinks in that subdir.. I've created a CHEAP and DIRTY work around. This will make it so that only ONE user can use Wordperfect though, to me it makes no difference.. To some, they might care.. But this is what I did....

I started wordperfect once.. it made the dir /tmp/wpc-ns-1.ccia.cc, I moved /tmp/wpc-ns-1.ccia.cc to /usr/local/lib/corel (my install path for wordperfect) then I made a symlink from /usr/local/lib/corel/wpc-ns-1.ccia.cc to /tmp/wpc-ns-1.ccia.cc. Then, I did a chmod 700 /usr/local/lib/corel so no one could access it.

While this is dirty and restricts WP to being run as root only (or whatever user you make the symlink and/or own /usr/local/lib/corel to), it's much better than having an open dir in /tmp with a program that will follow symlinks.

Here's how it looks on my system..

root[ns-1]:/tmp# ls -l wpc-ns-1.ccia.cc
lrwxr-xr-x  1 root  wheel  37 May 17 15:20 wpc-ns-1.ccia.cc@ -> /usr/local/lib/corel/wpc-ns-1.ccia.cc

root[ns-1]:/usr/local/lib# ls -l |grep corel
drwx------  10 root  wheel  512 May 17 15:20 corel/

root[ns-1]:/usr/local/lib/corel# ls -l
total 10
drwx------  2 root  wheel   512 May 17 15:18 shbin10/
drwxrwxrwx  3 root  wheel  3072 May 17 15:18 shlib10/
drwx------  2 root  wheel   512 May 17 15:18 wpbin/
drwxrwxrwx  2 root  wheel   512 May 18 17:35 wpc-ns-1.ccia.cc/
drwxr-xr-x  2 root  wheel   512 May 17 15:18 wpexpdocs/
drwxr-xr-x  2 root  wheel   512 May 17 15:18 wpgraphics/
drwxrwxrwx  2 root  wheel   512 May 17 15:18 wplib/
drwxr-xr-x  2 root  wheel   512 May 17 15:18 wpmacros/

Now, it's completely restricted to root, and no bad users can make symlinks that root will follow.. for instance..

root[ns-1]:/tmp# su matt
matt[ns-1]:/tmp> ls
screens/  wpc-ns-1.ccia.cc@
matt[ns-1]:/tmp> cd wpc-ns-1.ccia.cc
wpc-ns-1.ccia.cc: Permission denied.
matt[ns-1]:/tmp> cd /usr/local/lib/corel
/usr/local/lib/corel: Permission denied.

I know this is cheap, dirty, but effective.. If WP8 didn't follow symlinks blindly, we wouldn't have this problem in the first place.. But since it does follow them blindly, this fix works nicely =)

--
Mail: matt@mlink.net && matt@ccia.cc
@IRC: irc.idirect.ca && mlink.ca.relic.net

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
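
An added example, not part of the original message: a POSIX shell check that the relocation described above is actually in place, meaning the wpc-HOST entry in /tmp is a symlink whose target sits under a directory closed to group and other. The function names, the TMPDIR and HOST parameters, the verdict strings and the wpc-HOST naming (inferred from the directory name in the message) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit the WP8 scratch directory described in the message.
# check_wp_tmp TMPDIR HOST prints a verdict and returns 0 only when the
# relocation workaround is in place. All names here are hypothetical.

# Group+other permission characters of a directory, e.g. "------" or "rwxrwx".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

check_wp_tmp() {
    wp="$1/wpc-$2"
    if [ -L "$wp" ]; then
        target=$(readlink "$wp")
        # Resolve a relative link target against the link's own directory.
        case "$target" in
            /*) ;;
            *)  target="$1/$target" ;;
        esac
        if [ ! -d "$target" ]; then
            echo "BROKEN: $wp points at $target, which is not a directory"
            return 1
        fi
        parent=$(dirname "$target")
        bits=$(group_other_bits "$parent")
        if [ "$bits" = "------" ]; then
            echo "OK: $wp -> $target, parent $parent closed to group/other"
            return 0
        fi
        echo "EXPOSED: parent $parent is reachable by other users ($bits)"
        return 1
    fi
    if [ -d "$wp" ]; then
        case "$(group_other_bits "$wp")" in
            ????w?) echo "EXPOSED: $wp is a real world-writable directory"
                    return 1 ;;
        esac
        echo "UNRELOCATED: $wp is a real directory in $1"
        return 1
    fi
    echo "ABSENT: $wp does not exist yet"
    return 1
}
```

On the system in the message this would be called as check_wp_tmp /tmp ns-1.ccia.cc, for instance from a periodic job, so that a recreated or replaced directory is noticed.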