COMMAND

    netconfig

SYSTEMS AFFECTED

    Slackware 3.4 (prior?)

PROBLEM

    Matt Nichols posted following.  netconfig script on slackware  3.4
    systems (probably earlier versions also), does not check to see if
    static  tmpfiles  already  exist.   Any  user can overwrite system
    files  by  creating  a  symlink  in  /tmp under a filename used by
    netconfig.

    netconfig creates: (without checking to see if they exist)

        /tmp/elm.rc.OLD
        /tmp/rc.inet1.OLD
        /tmp/hosts.OLD
        /tmp/resolv.conf.OLD

    A user can create a symlink in /tmp like:

        lwrxrwxrwx   1 kgb   users    8 Mar 10 19:47 rc.inet1.OLD -> /vmlinuz

    and wait for root to  run 'netconfig' thus overwriting the  victom
    file.   Although  this  is  an  unlikely  situation,  it  is still
    possible.

SOLUTION

    Nothing yet.