Re: worring about YaST in SuSE 9.3 and maybe lower

[Marcus Meissner <meissner@xxxxxxx>]

On Fri, Sep 16, 2005 at 09:01:19AM -0000, innate@xxxxxx wrote:
> author:               l0om 
> email:                email:l0om | a7 | excluded d07 org
> page:         www.excluded.org
> 
> worring about YaST in SuSE 9.3 and maybe lower
> 
> iam wondering about the installation routine from SuSE linux 9.3 and maybe 
> some lower verisons.
> YaST is creating a directory named 
> "/var/adm/YaST/InstSrcManager/IS_CACHE_0x0000000X/DATA/descr" which is 
> worldwritable by default. the directory contains data like packagenames and 
> pathnames needed for YaST if you install software. for normal this directory 
> shouldnt be writable by everyone because if you change the install media a 
> new "IS_CACHE_0x0000000X/DATA/descr" is created which isnt worldwritable. 
> 
> so you may be able to poising the data which is viewd by root while he is 
> trying to install data. the following data may be changed for example (file 
> "packages"):

I cannot reproduce this directory being worldwriteable here.

What kind of installation source did you use? CD? ftp?

Ciao, Marcus