
wordperfect8.txt

17 Aug 1999 00:00:00, reported by Packet Storm. Type: packetstorm. Source: packetstormsecurity.com

WordPerfect 8 creates insecure directories; do not install as root to avoid security risks.

Code
`Date: Fri, 18 Dec 1998 11:47:45 -0500  
From: Edsel Adap <[email protected]>  
Reply-To: Bugtraq List <[email protected]>  
To: [email protected]  
Subject: wordperfect 8 for linux security  
  
Hi,  
  
I sent a similar message to Corel about this. And I figured I'd send  
it out here in order to prevent people from opening up their systems by  
installing word perfect 8 before the problem is fixed.  
  
When wordperfect 8 is installed it creates a /tmp/wpc-<hostname>  
directory with permissions 777. And all files inside of it are mode  
666. And when these files are created, symlinks are followed.  
  
You already know what this means when root tries to install word  
perfect.  
  
So to those of you who are planning to install word perfect 8 for  
linux, don't do it as root. Pick another user for doing the job.  
  
--  
Edsel Adap  
[email protected]  
http://www.adap.org/~edsel/ LINUX - the choice of the GNU generation  
  
"Netscape is an application which grows to fill all available memory." - me  
  
----------------------------------------------------------------------------  
  
Date: Sat, 19 Dec 1998 00:15:11 -0500  
From: Dug Song <[email protected]>  
Reply-To: Bugtraq List <[email protected]>  
To: [email protected]  
Subject: Re: wordperfect 8 for linux security  
  
On Fri, 18 Dec 1998, Edsel Adap wrote:  
  
> When wordperfect 8 is installed it creates a /tmp/wpc-<hostname>  
> directory with permissions 777. And all files inside of it are mode  
> 666. And when these files are created, symlinks are followed.  
  
if you're running OpenBSD, this is already fixed and in the ports tree:  
  
/usr/ports/editors/wordperfect  
  
everyone else can just set $TMPDIR before running the install script...  
  
-d.  
  
---  
http://www.monkey.org/~dugsong/  
  
----------------------------------------------------------------------  
  
Date: Sat, 19 Dec 1998 20:11:40 -0500  
From: Peter W <[email protected]>  
Reply-To: Bugtraq List <[email protected]>  
To: [email protected]  
Subject: Re: wordperfect 8 for linux security  
  
Aleph: minor error in the first test of the script, should have quoted the env var in case it was not set. This should be correct, please use  
this if you have not already approved the previous note.  
  
Sorry, and thanks.  
  
-Peter  
  
Keith Owens wrote:  
  
> On Fri, 18 Dec 1998 11:47:45 -0500,  
> Edsel Adap <[email protected]> wrote:  
> >When wordperfect 8 is installed it creates a /tmp/wpc-<hostname>  
> >directory with permissions 777. And all files inside of it are mode  
> >666. And when these files are created, symlinks are followed.  
>  
> Worse than that. Even if you delete the wpc-<hostname> file, the next  
> time you run wpc it creates it again. So do not run wp8 under any  
> powerful userid.  
  
As noted before, WordPerfect respects TMPDIR, so start the app with something like:  
  
#!/bin/sh  
# Set $TMPDIR to ~/tmp if the user doesn't already have a TMPDIR variable  
if [ "${TMPDIR}" = "" ]; then  
    TMPDIR=${HOME}/tmp  
fi  
if [ ! -d "${TMPDIR}" ]; then  
    # Need to make a new directory  
    TMPDIR_TEST="error"  
    /bin/mkdir "${TMPDIR}" && TMPDIR_TEST="ok"  
    if [ ${TMPDIR_TEST} != "ok" ]; then  
        /bin/echo "Unable to create safe tmp directory ${TMPDIR}"  
        exit 1  
    fi  
    /bin/chmod o= "${TMPDIR}"  
fi  
# Set $TMPDIR for the wpc-$HOSTNAME junk  
export TMPDIR  
# Clear LD_LIBRARY_PATH to prevent reported seg faults  
LD_LIBRARY_PATH="" export LD_LIBRARY_PATH  
# Set the PATH and exec the app, passing any command-line args  
PATH=${PATH}:/path/to/wordperfect/wpbin export PATH  
exec xwp "${@-}" &  
  
(thanks to Billy Ball, Bruce Israel, and David Niemi)  
  
-Peter  
`
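
The three conditions reported in this thread (a mode 777 wpc-<hostname> directory, mode 666 files, symlinks inside it) can be checked for on an existing system. The following audit script is an added example, not part of the original posts; the function names, the sample tree and the use of `uname -n` for <hostname> are assumptions.

```shell
#!/bin/sh
# Added example: audit a wpc-<hostname> directory for the three conditions
# reported in the thread. Function names and sample file names are hypothetical.

# Print one finding per line for directory $1; print nothing if it looks safe.
audit_wpc_dir() {
    dir=$1
    if [ -L "$dir" ]; then
        # The directory name itself is a symlink: nothing under it is trustworthy
        echo "SYMLINK_DIR $dir"
        return 0
    fi
    [ -d "$dir" ] || return 0
    # World-writable directory (the reported mode 777)
    find "$dir" -prune -type d -perm -0002 | sed 's/^/WORLD_WRITABLE_DIR /'
    # World-writable files inside it (the reported mode 666)
    find "$dir" -type f -perm -0002 | sed 's/^/WORLD_WRITABLE_FILE /'
    # Symlinks inside it: a writer that follows them writes to the link target
    find "$dir" -type l | sed 's/^/SYMLINK /'
}

# Build a constructed sample tree: one directory in the reported state and one
# private directory (mode 700) for comparison. Prints the path of the tree.
make_sample() {
    base=$(mktemp -d) || return 1
    mkdir "$base/wpc-examplehost" "$base/private"
    chmod 777 "$base/wpc-examplehost"
    chmod 700 "$base/private"
    : > "$base/wpc-examplehost/scratch"
    chmod 666 "$base/wpc-examplehost/scratch"
    : > "$base/private/scratch"
    chmod 600 "$base/private/scratch"
    ln -s "$base/nonexistent-target" "$base/wpc-examplehost/link"
    echo "$base"
}

# Audit the location named in the thread; using `uname -n` for <hostname> is an
# assumption. Prints nothing when the directory is absent or private.
audit_wpc_dir "${TMPDIR:-/tmp}/wpc-$(uname -n)"
```

Any output line for a directory used by a privileged account means the directory should be removed and the application restarted with a private TMPDIR, as the wrapper script above does.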
