Juan M. Courcoul <[EMAIL PROTECTED]> wrote: > Acrobat Reader 5.0.5 on MacOS X does not seem to have this problem. It > creates or overwrites the file > > /Library/Application Support/Adobe/Fonts/AdobeFnt.lst > > with the same owner as the user and with group "admin", but with 644 > file permissions. The directory does not have world-writeable permissions.
I am puzzled: how can a "simple" user create that file, when the directory has no world-writable permissions? How can another user overwrite it, when the file has 644 permissions? (It would seem that Juan was running as root; "simple" users may still be vulnerable. I have no Mac to test.) (See also http://www.securityfocus.com/bid/3225 .) Cheers, Paul Szabo - [EMAIL PROTECTED] http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia
