From owner-freebsd-security Fri Dec 18 20:17:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA18540 for freebsd-security-outgoing; Fri, 18 Dec 1998 20:17:25 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA18535 for ; Fri, 18 Dec 1998 20:17:23 -0800 (PST) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id VAA28532; Fri, 18 Dec 1998 21:17:12 -0700 (MST) Message-Id: <4.1.19981218211628.064e26e0@mail.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Fri, 18 Dec 1998 21:16:45 -0700 To: security@FreeBSD.ORG From: Brett Glass Subject: wordperfect 8 for linux security (forwarded from Bugtraq) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I sent a similar message to Corel about this. And I figured I'd send it out here in order to prevent people from opening up their systems by installing word perfect 8 before the problem is fixed. When wordperfect 8 is installed it creates a /tmp/wpc- directory with permissions 777. And all files inside of it are mode 666. And when these files are created, symlinks are followed. You already know what this means when root tries to install word perfect. So to those of you who are planning to install word perfect 8 for linux, don't do it as root. Pick another user for doing the job. -- Edsel Adap edsel@adap.org http://www.adap.org/~edsel/ LINUX - the choice of the GNU generation "Netscape is an application which grows to fill all available memory." - me To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message