From gzip-1.3.12/NEWS:

...
Major changes in Gzip 1.3.11 (2007-02-05)

* As per the GNU coding standards, the behavior of gzip and its
  companion executables no longer depend on the name used to invoke them.
  For example, 'gzip' and 'gunzip' are no longer hard links;
  instead, 'gunzip' is now a small program that invokes 'gzip -d'.
...


Looking into /usr/local/bin/gunzip:

joerg @ taifun> cat /usr/local/bin/gunzip
#!/bin/bash
PATH=${GZIP_BINDIR-'/usr/local/bin'}:$PATH
exec gzip -d "$@"
joerg @ taifun>

Hmmm, doesn't this open a new security hole?

Formerly a (possibly suid) program could do
        execl ("/usr/local/bin/gunzip", arg1, arg2, arg3, ...);
and was more or less safe to execute the well known program.

Now an attacker can trick this program with
        GZIP_BINDIR=/tmp/something program
to get /tmp/something/gzip executed.

But then: executing suid programs with a possibly polluted environment
isn't safe anyway.

  Joerg
--
Mail: [EMAIL PROTECTED]    Tel: 2198
Real: Joerg Lehners, Informatik ARBI, Uni Oldenburg, D-26111 Oldenburg
Ugly words: cost cutting - profit maximization - cheap, cheap, cheap
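
The lookup the mail describes, as an added example that is not part of the original message or of gzip itself: it reproduces the wrapper's PATH line to show which gzip would be selected with and without GZIP_BINDIR, and what a caller that scrubs its environment gets instead. The function names, the stub "gzip" files and the temporary directories are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration, not part of the original mail. The stub "gzip" files and
# temporary directories are constructed stand-ins; no real binary is touched.

# Resolve gzip the way the quoted wrapper does: GZIP_BINDIR, when set,
# is put in front of PATH; otherwise the built-in default ($1) is.
wrapper_resolves() {
    ( PATH=${GZIP_BINDIR-"$1"}:$PATH; command -v gzip )
}

# Caller-side hardening before exec'ing the wrapper: drop the override and
# pin PATH to the trusted directory ($1) only.
scrubbed_resolves() {
    ( unset GZIP_BINDIR; PATH=$1; wrapper_resolves "$1" )
}

# Audit check: succeeds only if the wrapper would run $1/gzip in this environment.
wrapper_is_pinned() {
    [ "$(wrapper_resolves "$1")" = "$1/gzip" ]
}

# Build two directories, each holding an executable stub named gzip;
# print the parent directory.
make_stubs() {
    d=$(mktemp -d) || return 1
    for sub in trusted untrusted; do
        mkdir "$d/$sub" && printf '#!/bin/sh\nexit 0\n' > "$d/$sub/gzip" &&
            chmod +x "$d/$sub/gzip" || return 1
    done
    printf '%s\n' "$d"
}

demo_root=$(make_stubs) || exit 1
trap 'rm -rf "$demo_root"' EXIT
T=$demo_root/trusted U=$demo_root/untrusted

echo "clean env:       $(unset GZIP_BINDIR; wrapper_resolves "$T")"
echo "GZIP_BINDIR set: $(GZIP_BINDIR=$U; wrapper_resolves "$T")"
echo "scrubbed caller: $(GZIP_BINDIR=$U; scrubbed_resolves "$T")"
```

A caller that cannot control how it is invoked can get the same effect as `scrubbed_resolves` by starting the wrapper through `env -i` with an explicit PATH.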

