[linux-elitists] OpenBSD rules, Red Hat Linux sucks.

Don Marti dmarti@zgp.org
Tue Dec 12 14:49:56 PST 2000


----- Forwarded message from Theo de Raadt <deraadt@CVS.OPENBSD.ORG> -----

Date:         Mon, 11 Dec 2000 13:19:01 -0700
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
Subject:      Re: [RHSA-2000:123-01] New ed packages available
To: BUGTRAQ@SECURITYFOCUS.COM
Delivered-To: dmarti@zgp.org
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To:         bugzilla@REDHAT.COM

> ---------------------------------------------------------------------
>                    Red Hat, Inc. Security Advisory
>
> Synopsis:          New ed packages available
> Advisory ID:       RHSA-2000:123-01
> Issue date:        2000-12-06
> Updated on:        2000-12-06
> Product:           Red Hat Linux
> Keywords:          ed mktemp mkstemp /tmp
> Cross references:  N/A
> ---------------------------------------------------------------------
>
> 1. Topic:
>
> The ed editor used files in /tmp in an insecure fashion.
> It was possible for local users to exploit this vulnerability
> to modify files that they normally could not and gain elevated privilege.

It's amazing to see a $$$-endowed vendor fix this on the 12th of
December, in the year 2000, considering:

revision 1.4
date: 1996/06/25 00:26:02;  author: deraadt;  state: Exp;  lines: +3 -4
mkstemp

Almost four years.  Wow.

----- End forwarded message -----

-- 
Don Marti                             Non aux Brevets Logiciels
dmarti@zgp.org                        http://petition.eurolinux.org/ 
http://zgp.org/~dmarti/               No to Software Patents
Any technology distinguishable from magic is insufficiently advanced.
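
Added example, not part of the original message and not code from ed, Red Hat or OpenBSD: the /tmp pattern the advisory's keywords (mktemp, mkstemp) refer to, shown as a name-then-open "before" next to the mkstemp "after". The directory, file names and function names are constructed for illustration; the fixed name ed.12345 stands in for a name generated ahead of the open, and everything runs inside a private mkdtemp directory.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* "Before": the name is chosen first and opened later without O_EXCL, so
 * open() follows whatever already sits at that name, symlinks included. */
int open_scratch_racy(const char *path) { return open(path, O_RDWR | O_CREAT | O_TRUNC, 0600); }

/* "After": mkstemp() picks the name and creates the file in one step
 * (O_CREAT|O_EXCL), so the descriptor refers to a file that did not exist. */
int open_scratch_safe(char *tmpl) { return mkstemp(tmpl); }

/* Runs both in a private directory. Bits set in the result:
 * 1 = racy open truncated a file reached through a pre-existing symlink,
 * 2 = O_EXCL refused that same name, 4 = mkstemp gave a fresh private file. */
int run_demo(void)
{
    char dir[] = "/tmp/ed-demo.XXXXXX";            /* constructed paths */
    char victim[64], scratch[64], tmpl[64];
    struct stat st;
    int fd, ok, result = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(scratch, sizeof scratch, "%s/ed.12345", dir);  /* guessable name */
    snprintf(tmpl, sizeof tmpl, "%s/ed.XXXXXX", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) { rmdir(dir); return -1; }
    ok = write(fd, "keep me\n", 8) == 8 && symlink(victim, scratch) == 0;
    close(fd);
    if (ok) {
        if ((fd = open_scratch_racy(scratch)) >= 0) close(fd);
        if (stat(victim, &st) == 0 && st.st_size == 0) result |= 1;
        if (open(scratch, O_RDWR | O_CREAT | O_EXCL, 0600) < 0 && errno == EEXIST) result |= 2;
    }
    fd = open_scratch_safe(tmpl);                  /* tmpl now holds the real name */
    if (fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
        && st.st_nlink == 1 && (st.st_mode & 077) == 0) result |= 4;
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(scratch); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { printf("result bits: %d\n", run_demo()); return 0; }
```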
