Re: /lib/ld-2.2.4.so
From: Kurt Seifried (bugtraq@seifried.org)
Date: 04/25/02
From: "Kurt Seifried" <bugtraq@seifried.org>
To: "Bill Weiss" <houdini@nmt.edu>, <vuln-dev@securityfocus.com>, <focus-linux@securityfocus.com>
Date: Wed, 24 Apr 2002 20:40:13 -0600

/tmp
/var/tmp (sometimes a symlink to /tmp)
/home
/var/spool/mail/username
Mail queue injection dir on some systems is world writeable and readable.
Various X games have score files that can be written to/read from.
Many 3rd party software packages create world readable/writeable files and
directories:
find / -type f -perm -002
find / -type d -perm -002
Lotsa places. Hence the importance of segregating areas users can write to,
directly (/tmp) or indirectly (/var/log).
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.iDefense.com/
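
The two find commands in the message, extended into a small audit (an added example, not part of the original message; the function name `audit_world_writable` and the output tags are assumptions). It stays on one filesystem and separates world-writable directories that carry the sticky bit, as /tmp normally does, from those that do not.

```shell
#!/bin/sh
# Added example, not from the original message.
# audit_world_writable ROOT  (hypothetical helper name)
# Prints one tagged line per finding under ROOT:
#   NOSTICKY-DIR  world-writable directory without the sticky bit
#                 (any user can rename or delete other users' files)
#   STICKY-DIR    world-writable directory with the sticky bit (like /tmp)
#   FILE          world-writable regular file
audit_world_writable() {
    root=$1

    # -perm -0002 matches when the "other write" bit is set (POSIX form).
    # -xdev keeps find on ROOT's filesystem, so /proc, /sys and network
    # mounts are not walked when ROOT is /.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'NOSTICKY-DIR %s\n' {} +

    find "$root" -xdev -type d -perm -0002 -perm -1000 \
        -exec printf 'STICKY-DIR %s\n' {} +

    # Symlinks are not followed, so /var/tmp -> /tmp is not reported twice.
    find "$root" -xdev -type f -perm -0002 \
        -exec printf 'FILE %s\n' {} +
}

# Run the audit only when a starting directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_world_writable "$1"
fi
```

Run it once per mounted filesystem (for example with `/`, `/var` and `/home` as arguments) so that `-xdev` does not hide a separately mounted area.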