Ultrix x.x /etc/rc.local security holes via /tmp/t1
Leonard Peirce
peirce at gumby.cc.wmich.edu
Fri Mar 1 01:38:30 AEST 1991
In article <1991Feb28.131938.29631 at cs.widener.edu> brendan at cs.widener.edu (Brendan Kehoe) writes:
>In <1991Feb28.083356.6769 at watcgl.waterloo.edu>, idallen at watcgl.waterloo.edu writes:
>>On Ultrix (any version), if you happen to have directories named
>>/tmp/t1 or /tmp/t2, all kinds of nasty things will happen to your
>>/etc/motd and /etc/gettytab because /etc/rc.local assumes it can write
>>to these tmp names as files, and it edits the contents into your
>>/etc/motd and /etc/gettytab.
>
> Suns have the same problem; just change the /tmp/t1 and /tmp/t2
> names to /etc/t1 and /etc/t2 -- since rc.local's run as root, you'll
> be fine.
You could just add
rm -fr /tmp/t1 /tmp/t2
just before the edit to motd.
I always just comment out the entire mess. I can maintain motd myself; I don't need
rc.local to change it for every reboot.
--
Leonard Peirce Internet: peirce at gumby.cc.wmich.edu
Western Michigan University peirce at gw.wmich.edu
Academic Computing Services UUCP: ...!uunet!sharkey!wmichgw!peirce
Kalamazoo, MI 49008 Phone: (616) 387-5469
More information about the Comp.unix.ultrix
mailing list