[原文]Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config.
GNOME is a graphical user interface for X11 created by Helix Code. The installer, on Caldera eDesktop and S.u.S.E. linux systems use /tmp in an unsafe manner. It creates a directory in /tmp and stores temporary copies of system configuration files (/etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.d/rc.gui files on Caldera OpenLinux eDesktop 2.4 and /etc/rc.config on SuSE 6.3 and 6.4) there before writing them to their proper locations. If a malicious user has knowledge that the administrator is going to be executing gnome-installer, he/she can cause the installer to write blank configuration files to the system (by making the directory before gnome installer does). This will result in the system losing part of its configuration.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.