Date: Thu, 13 Jun 2002 11:37:42 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: void <float@firedrake.org> Cc: hackers@FreeBSD.ORG Subject: Re: security bug in /etc/rc in -STABLE? Message-ID: <20020613163742.GB37481@dan.emsphone.com> In-Reply-To: <20020613161739.GA25926@parhelion.firedrake.org> References: <20020613161739.GA25926@parhelion.firedrake.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Jun 13), void said:
> I cvsupped -STABLE yesterday, and I was just running mergemaster when I
> saw:
>
> # Remove X lock files, since they will prevent you from restarting X11
> # after a system crash.
> #
> -rm -f /tmp/.X*-lock /tmp/.X11-unix/*
> +rm -f /tmp/.X*-lock
> +rm -fr /tmp/.X11-unix
>
> Aren't both the old and new versions vulnerable to symlink attacks?
From the manpage:
The rm utility removes symbolic links, not the files referenced by
the links.
If rm -rf is passed the name of a symlink to a directory, only the
symlink is removed.
The old version was vulnerable to someone symlinking .X11-unix to, say,
/etc.
--
Dan Nelson
dnelson@allantgroup.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020613163742.GB37481>