- Date: Fri, 18 Dec 1998 11:47:45 -0500
- From: Edsel Adap <adap@ADAP.ORG>
- Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
- To: BUGTRAQ@netspace.org
- Subject: wordperfect 8 for linux security
-
- Hi,
-
- I sent a similar message to Corel about this. And I figured I'd send
- it out here in order to prevent people from opening up their systems by
- installing word perfect 8 before the problem is fixed.
-
- When wordperfect 8 is installed it creates a /tmp/wpc-<hostname>
- directory with permissions 777. And all files inside of it are mode
- 666. And when these files are created, symlinks are followed.
-
- You already know what this means when root tries to install word
- perfect.
-
- So to those of you who are planning to install word perfect 8 for
- linux, don't do it as root. Pick another user for doing the job.
-
- --
- Edsel Adap
- edsel@adap.org
- http://www.adap.org/~edsel/ LINUX - the choice of the GNU generation
-
- "Netscape is an application which grows to fill all available memory." - me
-
- ----------------------------------------------------------------------------
-
- Date: Sat, 19 Dec 1998 00:15:11 -0500
- From: Dug Song <dugsong@MONKEY.ORG>
- Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
- To: BUGTRAQ@netspace.org
- Subject: Re: wordperfect 8 for linux security
-
- On Fri, 18 Dec 1998, Edsel Adap wrote:
-
- > When wordperfect 8 is installed it creates a /tmp/wpc-<hostname>
- > directory with permissions 777. And all files inside of it are mode
- > 666. And when these files are created, symlinks are followed.
-
- if you're running OpenBSD, this is already fixed and in the ports tree:
-
- /usr/ports/editors/wordperfect
-
- everyone else can just set $TMPDIR before running the install script...
-
- -d.
-
- ---
- http://www.monkey.org/~dugsong/
-
- ----------------------------------------------------------------------
-
- Date: Sat, 19 Dec 1998 20:11:40 -0500
- From: Peter W <peterw@CLARK.NET>
- Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
- To: BUGTRAQ@netspace.org
- Subject: Re: wordperfect 8 for linux security
-
- Aleph: minor error in the first test of the script, should have quoted the env var in case it was not set. This should be correct, please use
- this if you have not already approved the previous note.
-
- Sorry, and thanks.
-
- -Peter
-
- Keith Owens wrote:
-
- > On Fri, 18 Dec 1998 11:47:45 -0500,
- > Edsel Adap <adap@ADAP.ORG> wrote:
- > >When wordperfect 8 is installed it creates a /tmp/wpc-<hostname>
- > >directory with permissions 777. And all files inside of it are mode
- > >666. And when these files are created, symlinks are followed.
- >
- > Worse than that. Even if you delete the wpc-<hostname> file, the next
- > time you run wpc it creates it again. So do not run wp8 under any
- > powerful userid.
-
- As noted before, WordPerfect respects TMPDIR, so start the app with something like:
-
- #!/bin/sh
- # Set $TMPDIR to ~/tmp if the user doesn't already have a TMPDIR variable
- if [ "${TMPDIR}" = "" ]; then
-     TMPDIR=${HOME}/tmp
- fi
- if [ ! -d "${TMPDIR}" ]; then
-     # Need to make a new directory
-     TMPDIR_TEST="error"
-     /bin/mkdir "${TMPDIR}" && TMPDIR_TEST="ok"
-     if [ "${TMPDIR_TEST}" != "ok" ]; then
-         /bin/echo "Unable to create safe tmp directory ${TMPDIR}"
-         exit 1
-     fi
-     /bin/chmod o= "${TMPDIR}"
- fi
- # Set $TMPDIR for the wpc-$HOSTNAME junk
- export TMPDIR
- # Clear LD_LIBRARY_PATH to prevent reported seg faults
- LD_LIBRARY_PATH=""; export LD_LIBRARY_PATH
- # Set the PATH and exec the app, passing any command-line args
- # ("$@" expands to nothing, not an empty argument, when no args are given)
- PATH=${PATH}:/path/to/wordperfect/wpbin; export PATH
- exec xwp "$@" &
-
- (thanks to Billy Ball, Bruce Israel, and David Niemi)
-
- -Peter
-
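The three conditions reported in this thread (a `wpc-<hostname>` directory with mode 777, mode 666 files inside it, and symlinks among those files) can be checked for on a host where WordPerfect has already been run. The script below is an added example, not code from any poster in the thread; the function name `audit_wpc_dir` and the finding labels are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the conditions described above
# for one directory. Function name and labels are illustrative assumptions.

# audit_wpc_dir DIR
#   Prints one finding per line. Returns 0 when clean or absent, 1 otherwise.
audit_wpc_dir() {
    dir=$1

    # A symlink where the directory should be is reported and not descended into.
    if [ -L "$dir" ]; then
        echo "SYMLINK-DIR $dir"
        return 1
    fi
    [ -d "$dir" ] || return 0

    out=$(
        # Directory itself writable by "other" (the reported mode 777).
        find "$dir" -prune -perm -0002 -exec echo "WORLD-WRITABLE-DIR" {} \;
        # Symlinks inside: the thread reports they are followed on file creation.
        find "$dir" -type l -exec echo "SYMLINK-INSIDE" {} \;
        # Regular files writable by "other" (the reported mode 666).
        find "$dir" -type f -perm -0002 -exec echo "WORLD-WRITABLE-FILE" {} \;
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Usage: sh audit.sh DIR [DIR...]
for d in "$@"; do
    audit_wpc_dir "$d"
done
```

Point it at the `wpc-<hostname>` directory under `/tmp`, and under each user's `$TMPDIR` if the wrapper above is in use; a private `$TMPDIR` should produce no findings.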