Hacker's Arsenal - The Cutting Edge of Hacking

home *** CD-ROM | disk | FTP | other *** search

/ Hacker's Arsenal - The Cutting Edge of Hacking / Hacker's Arsenal - The Cutting Edge of Hacking.iso / texts / misc / wordperfect8.txt < prev next >

Wrap

Internet Message Format | 2001-07-11 | 4KB

Date: Fri, 18 Dec 1998 11:47:45 -0500 From: Edsel Adap <adap@ADAP.ORG> Reply-To: Bugtraq List <BUGTRAQ@netspace.org> To: BUGTRAQ@netspace.org Subject: wordperfect 8 for linux security Hi, I sent a similar message to Corel about this. And I figured I'd send it out here in order to prevent people from opening up their systems by installing word perfect 8 before the problem is fixed. When wordperfect 8 is installed it creates a /tmp/wpc-<hostname> directory with permissions 777. And all files inside of it are mode 666. And when these files are created, symlinks are followed. You already know what this means when root tries to install word perfect. So to those of you who are planning to install word perfect 8 for linux, don't do it as root. Pick another user for doing the job. -- Edsel Adap edsel@adap.org http://www.adap.org/~edsel/ LINUX - the choice of the GNU generation "Netscape is an application which grows to fill all available memory." - me ---------------------------------------------------------------------------- Date: Sat, 19 Dec 1998 00:15:11 -0500 From: Dug Song <dugsong@MONKEY.ORG> Reply-To: Bugtraq List <BUGTRAQ@netspace.org> To: BUGTRAQ@netspace.org Subject: Re: wordperfect 8 for linux security On Fri, 18 Dec 1998, Edsel Adap wrote: > When wordperfect 8 is installed it creates a /tmp/wpc-<hostname> > directory with permissions 777. And all files inside of it are mode > 666. And when these files are created, symlinks are followed. if you're running OpenBSD, this is already fixed and in the ports tree: /usr/ports/editors/wordperfect everyone else can just set $TMPDIR before running the install script... -d. --- http://www.monkey.org/~dugsong/ ---------------------------------------------------------------------- Date: Sat, 19 Dec 1998 20:11:40 -0500 From: Peter W <peterw@CLARK.NET> Reply-To: Bugtraq List <BUGTRAQ@netspace.org> To: BUGTRAQ@netspace.org Subject: Re: wordperfect 8 for linux security Aleph: minor error in the first test of the script, should have quoted the env var in case it was not set. This should be correct, please use this if you have not already approved the previous note. Sorry, and thanks. -Peter Keith Owens wrote: > On Fri, 18 Dec 1998 11:47:45 -0500, > Edsel Adap <adap@ADAP.ORG> wrote: > >When wordperfect 8 is installed it creates a /tmp/wpc-<hostname> > >directory with permissions 777. And all files inside of it are mode > >666. And when these files are created, symlinks are followed. > > Worse that that. Even if you delete the wpc-<hostname> file, the next > time you run wpc it creates it again. So do not run wp8 under any > powerful userid. As noted before, WordPerfect respects TMPDIR, so start the app with something like: #!/bin/sh # Set $TMPDIR to ~/tmp if the user doesn't already have a TMPDIR variable if [ "${TMPDIR}" = "" ]; then TMPDIR=${HOME}/tmp fi if [ ! -d "${TMPDIR}" ]; then # Need to make a new directory TMPDIR_TEST="error" /bin/mkdir "${TMPDIR}" && TMPDIR_TEST="ok" if [ ${TMPDIR_TEST} != "ok" ]; then /bin/echo "Unable to create safe tmp directory ${TMPDIR}" exit 1 fi /bin/chmod o= "${TMPDIR}" fi # Set $TMPDIR for the wpc-$HOSTNAME junk export TMPDIR # Clear LD_LIBRARY_PATH to prevent reported seg faults LD_LIBRARY_PATH="" export LD_LIBRARY_PATH # Set the PATH and exec the app, passing any command-line args PATH=${PATH}:/path/to/wordperfect/wpbin export PATH exec xwp "${@-}" & (thanks to Billy Ball, Bruce Israel, and David Niemi) -Peter