From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,9960fa51a4a478af
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-02-10 11:30:00 PST
Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!newsfeeds.belnet.be!news.belnet.be!news.ebone.net!news1.ebone.net!newsfeed.vmunix.org!newsfeed2.easynews.net!easynews.net!news.cid.net!news.enyo.de!not-for-mail
From: Florian Weimer
Newsgroups: comp.lang.ada
Subject: Re: ACT announces availability of GNAT 3.14p
Date: Sun, 10 Feb 2002 20:23:50 +0100
Organization: Enyo -- not your organization
Message-ID: <87n0yhf8e1.fsf@deneb.enyo.de>
References: <5ee5b646.0201301849.4e951bcb@posting.google.com> <5ee5b646.0202071709.11b3f88c@posting.google.com> <87ofixit6v.fsf@deneb.enyo.de> <5ee5b646.0202101038.68b3b71f@posting.google.com>
NNTP-Posting-Host: deneb.enyo.de
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: cygnus.enyo.de 1013369034 26753 212.9.189.171 (10 Feb 2002 19:23:54 GMT)
X-Complaints-To: abuse@enyo.de
NNTP-Posting-Date: 10 Feb 2002 19:23:54 GMT
Cancel-Lock: sha1:PzlA0HDpgVWu3hxdYtp5IfAwhPc=
Xref: archiver1.google.com comp.lang.ada:19840
Date: 2002-02-10T19:23:54+00:00
List-Id:

dewar@gnat.com (Robert Dewar) writes:

> We are of course aware of this bug report which was retired
> some time ago (but after 3.14p was frozen), but "security
> defect" is rather extreme considering how this is used.
> You can always use scary language like this to talk about
> anything, but it is a bit over the top in this case!

No, it isn't.

/tmp is shared on multi-user UNIX systems, and if a malicious local user creates a symbolic link with a suitable name at the right time, the output which is supposed to be written into a newly-created temporary file is redirected to a different file instead, which can have devastating effects (suppose that /etc/passwd is overwritten, for example). For many different pieces of software, it has been demonstrated over and over again that such attacks are indeed possible, so this is not just a theoretical issue.

(BTW, this is also true for the buffer overflow bug in the current FSF sources I reported for the second or third time.)

A random sample of similar problems:

http://www.kb.cert.org/vuls/id/426273
http://www.kb.cert.org/vuls/id/626919
http://www.cert.org/vendor_bulletins/VB-97.05.lynx
http://www.ciac.org/ciac/bulletins/l-084.shtml
http://www.securityfocus.com/bid/3135
http://www.securiteam.com/unixfocus/5XP0M2A4BU.html
http://cert.uni-stuttgart.de/archive/win-sec-ssc/2000/09/msg00012.html
http://www.insecure.org/sploits/sam.hpux.race.html

> And if you think there is a "security defect" in the current version
> (I disagree), you should report it (to
> GNATS or report@gnat.com).

I have nothing to add to the old bug report. I think it contains all the relevant information.
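The /tmp symlink redirection Florian describes, and the open(2) flags that stop it, as an added C illustration that is not part of this thread and not GNAT's code. It builds its own sandbox with mkdtemp(3) rather than touching a shared /tmp name: a constructed "victim" file with known content and a symlink at the predictable temp-file name pointing at it (all file names and the content are my own). The predictable-name open with O_CREAT|O_TRUNC follows the link and truncates the victim to zero bytes; the O_CREAT|O_EXCL open refuses the pre-existing link with EEXIST and the victim keeps its 15 bytes. mkstemp(3) is the library form of the same O_EXCL idea with a random suffix.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed victim content for the demonstration: 15 bytes. */
#define VICTIM_CONTENT "important data\n"

/* The pattern the post criticises: a predictable name opened with
 * O_CREAT|O_TRUNC. If a symlink already sits at that name, open() follows
 * it and truncates whatever the link points to. */
static int open_tmp_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Mitigation: O_EXCL makes open() fail with EEXIST if anything, including
 * a symlink, already exists at the path; O_NOFOLLOW is an extra guard. */
static int open_tmp_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Builds an isolated sandbox (a fresh mkdtemp directory under TMPDIR or
 * /tmp, names constructed here) holding a victim file with known content
 * and a symlink at the "predictable" temp-file name pointing at it. */
static int setup_sandbox(char *dir, char *victim, char *link, size_t sz)
{
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0')
        base = "/tmp";
    char tmpl[128];
    snprintf(tmpl, sizeof tmpl, "%s/tmpfile-race-demo-XXXXXX", base);
    if (mkdtemp(tmpl) == NULL)
        return -1;
    snprintf(dir, sz, "%s", tmpl);
    snprintf(victim, sz, "%s/victim", dir);
    snprintf(link, sz, "%s/gnat-output.tmp", dir);

    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, VICTIM_CONTENT, strlen(VICTIM_CONTENT));
    close(fd);
    if (n != (ssize_t)strlen(VICTIM_CONTENT))
        return -1;
    return symlink(victim, link);   /* the "suitable name" from the post */
}

static void cleanup_sandbox(const char *dir, const char *victim, const char *link)
{
    unlink(link);
    unlink(victim);
    rmdir(dir);
}

/* Runs the scenario with one opening strategy. Returns the victim file's
 * size afterwards: 15 if it survived, 0 if it was truncated through the
 * link, -1 on setup failure. open()'s outcome is reported via the pointers. */
int run_scenario(int (*opener)(const char *), int *open_failed, int *open_errno)
{
    char dir[128], victim[128], link[128];
    if (setup_sandbox(dir, victim, link, sizeof dir) != 0)
        return -1;

    errno = 0;
    int fd = opener(link);
    *open_failed = (fd < 0);
    *open_errno = (fd < 0) ? errno : 0;
    if (fd >= 0)
        close(fd);

    struct stat st;
    int size = (stat(victim, &st) == 0) ? (int)st.st_size : -1;
    cleanup_sandbox(dir, victim, link);
    return size;
}

int main(void)
{
    int failed, err;
    int size = run_scenario(open_tmp_predictable, &failed, &err);
    printf("O_CREAT|O_TRUNC: open %s, victim size now %d\n",
           failed ? "failed" : "succeeded", size);
    size = run_scenario(open_tmp_exclusive, &failed, &err);
    printf("O_CREAT|O_EXCL : open %s (%s), victim size now %d\n",
           failed ? "failed" : "succeeded", failed ? strerror(err) : "-", size);
    return 0;
}
```

The point of the two runs is the difference in outcome, not the names involved: a program that picks its temporary file name first and opens it afterwards has a window in which a link can be planted, and only an exclusive create closes that window. Auditing a code base for this class of bug means looking for every open/creat of a name under a shared directory that lacks O_EXCL (or does not go through mkstemp), which is exactly the shape of the reports Florian lists.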