lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: rodrigob at suespammers.org (Rodrigo Barbosa)
Subject: New Remote Windows Exploit (MS04-029)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Nov 04, 2004 at 02:24:53PM -0500, Valdis.Kletnieks@...edu wrote:
> 2) An amazing amount of stuff assumes that /tmp has 'exec' - at
> least for a while, 'rpmbuild' of a Redhat Perl would die because it
> build into a directory on /tmp, and then tried to run a binary out
> of that just-built tree - workaround was to feed rpm a '%_tmpdir ='
> pointing elsewhere.  Dell's microcode installer hits the same issue,
> as did at least some OpenOffice builds.
> 
> So if you do it, be prepared to get bit, and have to do a
> 'mount -o remount,exec /tmp' once in a while...

I'm not sure which standard (FHS ? LSB ?), but these softwares should
honor the TMPDIR environment. And yes, /tmp is the fallback, in case
$TMPDIR is not set.

- -- 
Rodrigo Barbosa <rodrigob@...spammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBioyMpdyWzQ5b5ckRAh5XAJwK4MwSDrw7959Q++vHI0gJwS/cgQCgwlfe
xyQfcnE7h7WykMPOta7cofg=
=SMHC
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists