From: vince <vi...@ge...> - 2003-09-05 00:06:50
|
So if i make my temp file in the SM data dir and that dir is only writable by apache would that clear up the security problem? If so, that would be a fairly easy fix, i would just have to figure out the path that SM is installed in. Vince >> `rm -f $tempfilename`; //clean up unused file >> [snip] >> `rm -f $pngFileName`; //done with the temp file so delete it. >> [snip] >> `rm -f $pngFileName`; //remove the unused gif gile > >Depending on the implementation of Apache and Squirrel these actions are >not safe and could lead to a system compromise. > >You'd be better off adding and deleting files in the data directory of the >squirrelmail install. > >Note: this is the standard temporary file race condition where an app >creates a tmp file, the hacker code replaces that file with a link to a >more critical file on the system, the app comes back a split second later >and deletes the tmp file which is now pointing at let's say.../etc/passwd > >-Tyler |