slight security bug in /bin/sort
Joel C. McClung
joel at prcrs.UUCP
Wed Jul 17 05:25:27 AEST 1985
There is a slight security bug in /bin/sort when it creates temporary
files in /usr/tmp. The temporary files are of the form: stmPIDXX where
PID is the process id, and XX is a set of barber-pole characters (aa,
ab, ac, ..., az, ba, bb, etc). The first temporary file is created
with a mode of 600, but any subsequent tmp files are created with your
default permissions.
Repeat by:
Run /bin/sort on a very large file and look at the temp
files created in /usr/tmp. On my system, a new temp file
is created whenever the current tmp file is approximately
12,500 bytes large.
Fix: I can't. We are a binary-only site.
--
Joel C. McClung {seismo!rlgvax,cbosgd!dolqci,nrcaero,petsd,pesnta}!prcrs!joel
Planning Research Corporation
1500 Planning Research Drive
McLean, VA 22102 (703) 556-2644
More information about the Net.bugs.v7
mailing list