![[LWN Logo]](/images/lwn.banner.gif)
Date: Thu, 26 Mar 1998 19:26:37 -0600 From: Steven Pritchard <steve@SILUG.ORG> Subject: Re: Majordomo /tmp exploit To: BUGTRAQ@NETSPACE.ORG Karl G - NOC Admin said: > -=x-ploit=- > create a symlink in /tmp to any majordomo file > ex: ln -s /usr/lib/majordomo/majordomo /tmp/majordomo.debug Looking at the latest version of majordomo (1.94.4), it seems the problem isn't that bad. A well-configured majordomo is not vulnerable. (By "well-configured", I mean where the admin has edited majordomo.cf to change $TMPDIR to something not world-writable. If you haven't done that yet, do it now.) I did find one case where majordomo doesn't honor the $TMPFILE variable though. Apply the following patch to fix it: -- Cut here -- --- majordomo.pl.orig Wed Aug 27 09:58:53 1997 +++ majordomo.pl Thu Mar 26 18:42:29 1998 @@ -324,7 +324,7 @@ } # These are package globals referenced by &setlogfile and &log -$log_file = "/tmp/log.$$"; +$log_file = "$main'TMPDIR/log.$$"; $log_host = "UNKNOWN"; $log_program = "UNKNOWN"; $log_session = "UNKNOWN"; -- end -- Enjoy. Steve -- steve@silug.org | Linux Users of Central Illinois (217)698-1694 | Meetings the 4th Tuesday of every month Steven Pritchard | http://www.luci.org/ for more info