Helix Code Security Advisory - go-gnome pre-installer | Linux Today

Helix Code Security Advisory – go-gnome pre-installer

Written By
Web Webster
Web Webster
Aug 30, 2000

Date: Tue, 29 Aug 2000 18:08:50 -0400
From: “Helix Code, Inc.” security@helixcode.com
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Helix Code Security Advisory – go-gnome pre-installer

HELIX CODE, INC.                                             SECURITY ADVISORY
security@helixcode.com                                 Issue Date: 29 Aug 2000

PACKAGES AFFECTED:
“go-gnome” Helix GNOME pre-installer

SYNOPSIS:
A vulnerability in the go-gnome pre-installer allows non-root users
to exploit world-writable permissions in /tmp, permitting files
normally only accessible by root to be overwritten.

DESCRIPTION:
The go-gnome pre-installer uses a few rather predictable filenames
in /tmp for uudecode, snarf, and the installer files. If one (or
more) of those files already exist with a symbolic link created by
a malicious user, the files pointed to by those links will be
clobbered.

SOLUTION:
The go-gnome pre-installer has been updated on the main Helix Code
mirror and go-gnome.com. This new version fixes this vulnerability
by storing files in /var/cache/helix-install, which is writable
only by root.

AVAILABILITY:
A new version of the go-gnome pre-installer is available
immediately from Helix Code, Inc. at go-gnome.com:
http://go-gnome.com

VERIFICATION:
94e5849dd659642bc58d768d12c3c26d go-gnome

Copyright (c) 2000 Helix Code, Inc.

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.