Re: Adobe Acrobat creates world writable ~/AdobeFnt.lst files
From: wim@djo.wtm.tudelft.nlDate: 08/22/01
- Previous message: Lucian Hudin: "sample exploit....Re: *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)"
- Maybe in reply to: Michael Paoli: "Adobe Acrobat creates world writable ~/AdobeFnt.lst files"
- Next in thread: Darren Moffat: "Re: Adobe Acrobat creates world writable ~/AdobeFnt.lst files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <20010822185446.6738.qmail@djo.wtm.tudelft.nl> From: wim@djo.wtm.tudelft.nl Subject: Re: Adobe Acrobat creates world writable ~/AdobeFnt.lst files To: Darren.Moffat@eng.sun.com Date: Wed, 22 Aug 2001 20:54:46 +0200 (MEST)
> >Adobe Acrobat creates world writable ~/AdobeFnt.lst files
...
> Another possible workaround would be to create a shared object that
> replaced the open/chmod calls that change the permissions on the file,
> this could then be LD_PRELOAD'd so that acroread doesn't do the wrong thing.
>
> Using truss on Solaris we can easily see that acroread actually makes
> an explicit call to set the permissions to 0666.
And what if that call fails?
chattr +i will do miracles, I imagine.
Regards, Wim.
- Previous message: Lucian Hudin: "sample exploit....Re: *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)"
- Maybe in reply to: Michael Paoli: "Adobe Acrobat creates world writable ~/AdobeFnt.lst files"
- Next in thread: Darren Moffat: "Re: Adobe Acrobat creates world writable ~/AdobeFnt.lst files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
