linuxconf.txt

Date: 17 Aug 1999. Reported by: Packet Storm. Type: packetstorm. Source: packetstormsecurity.com

Security issue found in linuxconf, allowing symlink attacks when run as root user.

`Date: Sat, 22 Aug 1998 20:35:42 -0500  
From: Alex Mottram <[email protected]>  
Subject: Security concerns in linuxconf shipped w/RedHat 5.1  
  
There exists a security / DOS problem with linuxconf-1.11.r11-rh3/i386 as  
upgraded from RedHat's FTP site. No other versions have been tested by me.   
Both the maintainer of linuxconf and RedHat Software were made aware of this  
problem.  
  
[root@machine SRPMS]# rpm -q linuxconf  
linuxconf-1.11r11-rh3  
  
The details of the problem are neither new nor exciting so a very brief  
description follows:  
  
linuxconf creates at least one file in /tmp during/at execution, and  
will blindly follow a symlink from that file. As linuxconf is an admin  
tool, and can/should only be run as root, the possibilities of system  
smashing are multiple.  
  
A version of linuxconf that does not have this problem is available at:  
ftp://ftp.solucorp.qc.ca/pub/linuxconf/devel/redhat-5.1/linuxconf-1.11r19-1.i386.rpm  
  
Thanks to Jacques Gelinas (linuxconf maintainer) for releasing a fixed  
version quickly.  
`
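
The advisory includes no code, so the following is an added example, not taken from the advisory or from linuxconf: it shows the general class of bug described (a fixed-name file in /tmp opened so that a symlink already at that name is followed) beside an exclusive-create open that refuses it. The function names, scratch directory and file names are constructed for illustration, and the naive open is an assumed pattern, not linuxconf's actual call.

```c
#define _XOPEN_SOURCE 700 /* mkdtemp, symlink, lstat, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed pattern behind this class of bug: a fixed name opened with
 * O_CREAT follows a symlink that already sits at that name. */
int open_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL makes open() fail if anything, including a dangling
 * symlink, already occupies the name; O_NOFOLLOW states the intent. */
int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed check in a private scratch dir: "app.tmp" is a symlink to a
 * file that does not exist. Returns 1 if opener created that file, else 0. */
int target_created_via_link(int (*opener)(const char *))
{
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";
    char target[64], name[64];
    struct stat st;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(name, sizeof name, "%s/app.tmp", dir);
    if (symlink(target, name) != 0) {
        rmdir(dir);
        return -1;
    }
    int fd = opener(name);
    if (fd >= 0) close(fd);
    int created = (lstat(target, &st) == 0);
    unlink(name);
    unlink(target);
    rmdir(dir);
    return created;
}

int main(void)
{
    printf("naive: %d, exclusive: %d\n", target_created_via_link(open_naive), target_created_via_link(open_exclusive));
    return 0;
}
```

For real temporary files, `mkstemp()` is the usual choice: it picks an unpredictable name and creates the file exclusively with mode 0600.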
