======Dangerous temp file creation during installation of Netscape 6====== //10/1/2001//
During installation of Netscape 6.01a for Solaris 2.7/8 Sparc, I noticed the file /tmp/admin.3842 was created with mode 644. As you already know if this package is installed by root in multiuser mode a malicious user could use this to overwrite system files etc..
Here is the dangerous code:
# grep tmp ns6install
cat >/tmp/admin.$$ <<EOF /usr/sbin/pkgrm -n -a /tmp/admin.$$ ${pkg}.* 2>&1 /usr/sbin/pkgadd -n -a /tmp/admin.$$ -d `pwd` $pkg 2>&1
A temporary work around would be to shut the system down into single user mode, clean out /tmp and then install.
In reference too:
http://www.sun.com/solaris/netscape/index.html http://www.securityfocus.com/bid/3243