Date: Tue, 18 May 1999 17:45:40 -0400 (EDT)
From: matt <matt@Mlink.NET>
To: FreeBSD-QUESTIONS <questions@FreeBSD.ORG>
Subject: Wordperfect 8
Message-ID: <Pine.BSF.4.10.9905181736270.6597-100000@ns-1.ccia.cc>
[NOTE: I know this is not FreeBSD specific, but with all the questions
and concerns raised about WP8 on FreeBSD, I thought I might prevent
some poor user getting screwed by someone setting up a race and
overwriting some files.]
As most of us know, there is a security problem with WP8 making a chmod
777 dir in /tmp and blindly following any symlinks in that subdir.. I've
created a CHEAP and DIRTY work around. This will make it so that only ONE
user can use Wordperfect though, to me it makes no difference.. To some,
they might care.. But this is what I did.... I started wordperfect once..
it made the dir /tmp/wpc-ns-1.ccia.cc, I moved /tmp/wpc-ns-1.ccia.cc to
/usr/local/lib/corel (my install path for wordperfect) then I made a
symlink from /usr/local/lib/corel/wpc-ns-1.ccia.cc to /tmp/wpc-ns-1.ccia.cc.
Then, I did a chmod 700 /usr/local/lib/corel so no one could access it.
While this is dirty and restricts WP to being run as root only (or
whatever user you make the symlink and/or own /usr/local/lib/corel to),
it's much better than having an open dir in /tmp with a program that will
follow symlinks. Here's how it looks on my system..
root[ns-1]:/tmp# ls -l wpc-ns-1.ccia.cc
lrwxr-xr-x 1 root wheel 37 May 17 15:20 wpc-ns-1.ccia.cc@ -> /usr/local/lib/corel/wpc-ns-1.ccia.cc
root[ns-1]:/usr/local/lib# ls -l |grep corel
drwx------ 10 root wheel 512 May 17 15:20 corel/
root[ns-1]:/usr/local/lib/corel# ls -l
total 10
drwx------ 2 root wheel 512 May 17 15:18 shbin10/
drwxrwxrwx 3 root wheel 3072 May 17 15:18 shlib10/
drwx------ 2 root wheel 512 May 17 15:18 wpbin/
drwxrwxrwx 2 root wheel 512 May 18 17:35 wpc-ns-1.ccia.cc/
drwxr-xr-x 2 root wheel 512 May 17 15:18 wpexpdocs/
drwxr-xr-x 2 root wheel 512 May 17 15:18 wpgraphics/
drwxrwxrwx 2 root wheel 512 May 17 15:18 wplib/
drwxr-xr-x 2 root wheel 512 May 17 15:18 wpmacros/
Now, it's completely restricted to root, and no bad users can make
symlinks that root will follow.. for instance..
root[ns-1]:/tmp# su matt
matt[ns-1]:/tmp> ls
screens/ wpc-ns-1.ccia.cc@
matt[ns-1]:/tmp> cd wpc-ns-1.ccia.cc
wpc-ns-1.ccia.cc: Permission denied.
matt[ns-1]:/tmp> cd /usr/local/lib/corel
/usr/local/lib/corel: Permission denied.
I know this is cheap, dirty, but effective.. If WP8 didn't follow symlinks
blindly, we wouldn't have this problem in the first place.. But since it
does follow them blindly, this fix works nicely =)
--
Mail: matt@mlink.net && matt@ccia.cc
@IRC: irc.idirect.ca && mlink.ca.relic.net
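
An added example, not part of the original message: a POSIX sh check that an administrator could run to confirm whether a scratch directory such as /tmp/wpc-<hostname> is still exposed after applying the workaround described above. The function names and the optional TOP argument are made up for this illustration; the check looks only at the "other" permission bits and ignores ownership and group access.

```sh
#!/bin/sh
# Added example, not from the original message. Function names and the
# optional TOP argument are made up for this illustration.

# has_mode PATH BITS: true if PATH has at least the octal permission BITS.
has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# others_can_reach DIR [TOP]: true if every directory from DIR up to TOP
# (default /) gives "other" users search (x) permission.
others_can_reach() {
    p=$1
    top=${2:-/}
    while has_mode "$p" 0001; do
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then return 0; fi
        p=$(dirname "$p")
    done
    return 1
}

# audit_scratch_dir DIR [TOP]: print findings; return 0 if clean, 1 if not.
audit_scratch_dir() {
    real=$(cd "$1" 2>/dev/null && pwd -P) || { echo "cannot enter $1"; return 2; }
    rc=0
    if [ -L "$1" ]; then echo "note: $1 is a symlink to $real"; fi
    # Mode 777 without the sticky bit is only a problem if other users can
    # actually get to the directory; a mode-700 ancestor blocks them.
    if has_mode "$real" 0002 && ! has_mode "$real" 1000 \
        && others_can_reach "$real" "$2"; then
        echo "FINDING: $real is world-writable and reachable by other users"
        rc=1
    fi
    # Symlinks inside the directory are what the program would follow.
    links=$(find "$real" -type l 2>/dev/null)
    if [ -n "$links" ]; then
        echo "FINDING: symlinks inside $real:"
        echo "$links"
        rc=1
    fi
    return $rc
}

# Run only when a directory is given, e.g.: sh audit.sh /tmp/wpc-ns-1.ccia.cc
if [ $# -gt 0 ]; then audit_scratch_dir "$@"; fi
```

A non-zero exit status means at least one finding was printed; the directory should be checked again whenever its location or the permissions of its parent change.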
