Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!zaphod.mps.ohio-state.edu!caen!umich!gumby!peirce
From: peirce@gumby.cc.wmich.edu (Leonard Peirce)
Newsgroups: comp.unix.ultrix
Subject: Re: Ultrix x.x /etc/rc.local security holes via /tmp/t1
Message-ID: <1991Feb28.143830.17828@gumby.cc.wmich.edu>
Date: 28 Feb 91 14:38:30 GMT
References: <1991Feb28.083356.6769@watcgl.waterloo.edu> <1991Feb28.131938.29631@cs.widener.edu>
Organization: Western Michigan University Academic Computing Services
Lines: 26

In article <1991Feb28.131938.29631@cs.widener.edu> brendan@cs.widener.edu (Brendan Kehoe) writes:
>In <1991Feb28.083356.6769@watcgl.waterloo.edu>, idallen@watcgl.waterloo.edu writes:
>>On Ultrix (any version), if you happen to have directories named
>>/tmp/t1 or /tmp/t2, all kinds of nasty things will happen to your
>>/etc/motd and /etc/gettytab because /etc/rc.local assumes it can write
>>to these tmp names as files, and it edits the contents into your
>>/etc/motd and /etc/gettytab.
>
>  Suns have the same problem; just change the /tmp/t1 and /tmp/t2
>  names to /etc/t1 and /etc/t2 -- since rc.local's run as root, you'll
>  be fine.

You could just add

   rm -fr /tmp/t1 /tmp/t2

just before the edit to motd.

I always just comment out the entire mess.  I can maintain motd myself; I don't need
rc.local to change it for every reboot.

--
Leonard Peirce                  Internet:  peirce@gumby.cc.wmich.edu
Western Michigan University                peirce@gw.wmich.edu
Academic Computing Services     UUCP:      ...!uunet!sharkey!wmichgw!peirce
Kalamazoo, MI  49008            Phone:     (616) 387-5469