The isdnlog program (provided by isdn4k-utils.tar.gz) creates a root-owned temp file called /tmp/isdnctrl (or /tmp/isdnctrl0) and no checking for symbolic links is done. The file is opened append only, a user can make a symbolic from /tmp/isdnctrl to any file and mess things up. example: ln -s /var/spool/mail/root /tmp/isdnctrl -- dentoir Fart Foundation Security through immaturity
Seemingly Similar Threads
Wisdom of the Ancients
