Date: Wed, 11 Apr 2001 13:28:51 +0300
From: Yonatan Bokovza <Yonatan@xpert.com>
To: "'security@freebsd.org'" <security@freebsd.org>
Subject: insecure tmp file creation in ksh93 port
Message-ID: <EB513E68D3F5D41191CA000255588101720F@mailserv.xpert.com>

Hi,

I was looking at hardening the rksh for a client when I saw the
following lines in src/cmd/ksh93/features/options.sh:

---
cat > /tmp/file$$ <<!
#! /bin/echo
exit 1
!
chmod 755 /tmp/file$$
if /tmp/file$$ > /dev/null
then echo "#define SHELLMAGIC 1"
fi
rm -f /tmp/file$$
---

what gives?

J.
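
Added example, not part of the original message or of the ksh93 sources: the same SHELLMAGIC probe written so that it never opens a predictable name such as /tmp/file$$ in a world-writable directory. The function name probe_shellmagic, its optional base-directory argument and the scratch directory name are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: the "#!" probe from options.sh, run from a private
# scratch directory instead of a predictable /tmp/file$$ path.
#
# probe_shellmagic [BASE]
#   Prints "#define SHELLMAGIC 1" when the kernel honours "#!" lines.
#   BASE (hypothetical parameter) is the directory in which the scratch
#   directory is created; it defaults to ${TMPDIR:-/tmp}.
probe_shellmagic() {
    psm_base=${1:-${TMPDIR:-/tmp}}

    # mktemp -d creates a brand-new directory (mode 0700) with a random
    # suffix and fails if it cannot, so nothing another local user placed
    # in BASE beforehand is ever opened, followed or overwritten.
    psm_dir=$(mktemp -d "$psm_base/shellmagic.XXXXXXXXXX") || return 1
    psm_probe=$psm_dir/probe

    # The probe file lives inside the private directory, so its fixed
    # name is not reachable by other unprivileged users.
    (
        umask 077
        cat > "$psm_probe" <<'EOF'
#! /bin/echo
exit 1
EOF
    ) || { rm -rf "$psm_dir"; return 1; }

    # Owner-only execute is enough; the original used 755.
    chmod 700 "$psm_probe" || { rm -rf "$psm_dir"; return 1; }

    # With "#!" support the kernel runs /bin/echo on the file (exit 0);
    # without it the shell interprets the file and hits "exit 1".
    if "$psm_probe" > /dev/null 2>&1
    then echo "#define SHELLMAGIC 1"
    fi

    rm -rf "$psm_dir"
}
```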