Re: worring about YaST in SuSE 9.3 and maybe lower
On Fri, Sep 16, 2005 at 09:01:19AM -0000, innate@xxxxxx wrote:
> author: l0om
> email: email:l0om | a7 | excluded d07 org
> page: www.excluded.org
>
> worring about YaST in SuSE 9.3 and maybe lower
>
> iam wondering about the installation routine from SuSE linux 9.3 and maybe
> some lower verisons.
> YaST is creating a directory named
> "/var/adm/YaST/InstSrcManager/IS_CACHE_0x0000000X/DATA/descr" which is
> worldwritable by default. the directory contains data like packagenames and
> pathnames needed for YaST if you install software. for normal this directory
> shouldnt be writable by everyone because if you change the install media a
> new "IS_CACHE_0x0000000X/DATA/descr" is created which isnt worldwritable.
>
> so you may be able to poising the data which is viewd by root while he is
> trying to install data. the following data may be changed for example (file
> "packages"):
I cannot reproduce this directory being worldwriteable here.
What kind of installation source did you use? CD? ftp?
Ciao, Marcus