Red Hat Bugzilla – Bug 26101
Small /tmp handling problem in Xconfigurator
Last modified: 2007-04-18 12:31:11 EDT
As a user, ln -s /root/.rhosts /tmp/SERVER and wait for the admin to
run Xconfigurator --pick (which happens when the system is upgraded,
After it's been run, root ends up with a .rhosts containing "XFree86 480",
which theoretically could be used for doing some nasty things
(assuming the person also runs rlogin for some reason, I tried to
to accept the .rhosts file but failed)
The code does check for the existence of the file using access() and
the file if it exists, but since it's a symlink to a non-existing file the
get removed like it should. Replacing the access() with a stat() or
should do the trick.
Ok, that's all pretty theoretical so I didn't even classify this as a
but things like this are worth checking for in other things that get run
during upgrades :)
This code was old and unused. However, when it was active, it was only used at
installation time, so the security risk was ~nil.
Still, the code was cruft and I have removed it in 4.6.9 and later.
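
The access() behaviour described in the report, shown beside an lstat() check and an exclusive create. This is an added example, not Xconfigurator's code; the function names and the scratch directory layout are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The check the report describes: access() follows symlinks, so a link
 * whose target does not exist yet is reported as "no such file". */
int exists_access(const char *p) { return access(p, F_OK) == 0; }

/* lstat() examines the directory entry itself and sees the dangling link. */
int exists_lstat(const char *p) { struct stat st; return lstat(p, &st) == 0; }

/* Hardened create: O_EXCL fails with EEXIST if any entry, including a
 * dangling symlink, already occupies the name; O_NOFOLLOW is a backstop. */
int create_exclusive(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario inside a private mkdtemp() directory (paths are
 * hypothetical): "SERVER" is a symlink to a not-yet-existing "target".
 * Returns a bitmask: 1 = access() saw it, 2 = lstat() saw it,
 * 4 = exclusive create refused with EEXIST, 8 = target was never created. */
int run_demo(void) {
    char dir[] = "/tmp/symdemoXXXXXX", lnk[64], target[64];
    int result = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(lnk, sizeof lnk, "%s/SERVER", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, lnk) != 0) { rmdir(dir); return -1; }

    if (exists_access(lnk)) result |= 1;
    if (exists_lstat(lnk)) result |= 2;
    fd = create_exclusive(lnk);
    if (fd < 0 && errno == EEXIST) result |= 4;
    if (fd >= 0) close(fd);
    if (!exists_lstat(target)) result |= 8;
    unlink(lnk); unlink(target); rmdir(dir);
    return result;
}

int main(void) {
    printf("result mask: %d\n", run_demo());
    return 0;
}
```

A result of 14 means access() missed the dangling link, lstat() saw it, and the exclusive create refused to write through it.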