"Itamar S.-T." <[EMAIL PROTECTED]> wrote:
> http://linux.corel.com/linux8/linuxfix.htm
>
> I don't understand this. I can see that having 666 files in /tmp isn't
> great. But I checked my installed files and the binary isn't suid root,
> so why should there be any major security problem, as long as you don't
> run wp as root?
Well, this is the point - if one runs wp as root, it may overwrite _any_
file, given somebody "smart" has arranged a couple of symlinks in /tmp in
advance.
Of course, it's a good idea anyway to restrict yourself to a minimal set of
utilities while working as superuser. On the other hand, many sysadmins can
hardly overcome the temptation to run freshly installed software from the
same prompt :)
Regards,
Evgeny
--
____________________________________________________________
/ Evgeny Stambulchik <[EMAIL PROTECTED]> \
/ Plasma Laboratory, Weizmann Institute of Science, Israel \ \
| Phone : (972)8-934-3610 == | == FAX : (972)8-934-3491 | |
| URL : http://plasma-gate.weizmann.ac.il/~fnevgeny/ | |
| Finger for PGP key >=====================================+ |
|______________________________________________________________|
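
The symlink problem described in the reply above, as an added example that is not part of the original thread and is not Corel's code: a scratch file opened under a predictable name follows a pre-planted symlink and truncates its target, while an exclusive create refuses. The file names, the sandbox directory and the function names are assumptions made for the illustration, and the "victim" file is constructed sample data inside a private directory.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Predictable name, no exclusivity: open() follows a symlink that is
 * already there and truncates whatever it points to. */
static int open_scratch_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* O_EXCL makes open() fail with EEXIST if anything, a symlink included,
 * already sits at the path; mode 0600 keeps other users out of the file. */
static int open_scratch_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Builds a private sandbox, plants the symlink scratch -> victim, then lets
 * the chosen opener write through "scratch". Returns 1 if the victim file
 * kept its contents, 0 if it was clobbered, -1 on a setup error. */
int victim_survives(int use_safe) {
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    char victim[128], scratch[128], buf[32] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(scratch, sizeof scratch, "%s/scratch", dir);

    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "important", 9) != 9) return -1;
    close(fd);
    if (symlink(victim, scratch) != 0) return -1;

    fd = use_safe ? open_scratch_safe(scratch) : open_scratch_unsafe(scratch);
    if (fd >= 0) { if (write(fd, "tmp", 3) < 0) perror("write"); close(fd); }

    fd = open(victim, O_RDONLY);
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    unlink(scratch); unlink(victim); rmdir(dir);
    return n == 9 && memcmp(buf, "important", 9) == 0;
}

int main(void) {
    printf("unsafe open: victim intact = %d\n", victim_survives(0));
    printf("safe open:   victim intact = %d\n", victim_survives(1));
    return 0;
}
```

mkstemp(3) gives the same exclusive-create behaviour together with an unpredictable file name.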