From owner-freebsd-hackers  Thu Jun 13  9:22:40 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from parhelion.firedrake.org (parhelion.firedrake.org [212.135.138.219])
	by hub.freebsd.org (Postfix) with ESMTP id BE35A37B431
	for <hackers@freebsd.org>; Thu, 13 Jun 2002 09:22:35 -0700 (PDT)
Received: from float by parhelion.firedrake.org with local (Exim 3.35 #1 (Debian))
	id 17IXI3-0006kx-00
	for <hackers@freebsd.org>; Thu, 13 Jun 2002 17:17:39 +0100
Date: Thu, 13 Jun 2002 17:17:39 +0100
To: hackers@freebsd.org
Subject: security bug in /etc/rc in -STABLE?
Message-ID: <20020613161739.GA25926@parhelion.firedrake.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.28i
From: void <float@firedrake.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

I cvsupped -STABLE yesterday, and I was just running mergemaster when I
saw:

 # Remove X lock files, since they will prevent you from restarting X11
 # after a system crash.
 #
-rm -f /tmp/.X*-lock /tmp/.X11-unix/*
+rm -f /tmp/.X*-lock
+rm -fr /tmp/.X11-unix

Aren't both the old and new versions vulnerable to symlink attacks?

-- 
 Ben

"An art scene of delight
 I created this to be ..."		-- Sun Ra

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message