
Re: Uploaded devscripts 2.0.0 (source all) to master

>> "JT" == James Troup <james@nocrew.org> writes:

JT> jdg@maths.qmw.ac.uk (Julian Gilbey) writes:
>> debchange runs with no special privileges, so I haven't taken
>> precautions against /tmp exploits.

JT> *bang *bang *bang* *bang*

JT> FFS, what kind of attitude is that?  Oh, I was only running as
JT> non-root, so the fact someone hosed a file critical to my life
JT> is no problem whatsoever?

I am also not sure what the problem is. Someone pointed out that if
the situation is:

cd /tmp
touch abc
ln -s abc def

then writing to def would hose abc. Ok so far.

I would program this so:

rm def
if not successful then bail out
create def
if not successful then bail out
write to def

Is this unsafe? Why?
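
An added example, not part of the original message: the rm / create / write steps above, run once with a plain create and once with an exclusive create (O_CREAT|O_EXCL), to show what happens when the name reappears as a symlink between the rm and the create. The names rm_create_write, demo and window are hypothetical, and a private temporary directory stands in for /tmp.

```python
import os
import tempfile

PLAIN = os.O_WRONLY | os.O_CREAT | os.O_TRUNC   # create, following any symlink
EXCL = os.O_WRONLY | os.O_CREAT | os.O_EXCL     # fail if the name exists at all

def rm_create_write(path, data, flags, window=lambda: None):
    """rm, create, write as in the post; window() stands for whatever
    another local user does between the rm and the create."""
    os.unlink(path)                     # "rm def": an OSError here bails out
    window()                            # the gap neither check covers
    fd = os.open(path, flags, 0o600)    # "create def": an OSError here bails out
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)                  # "write to def"

def demo(flags):
    """Return (contents of abc afterwards, outcome) for one run."""
    with tempfile.TemporaryDirectory() as d:    # constructed stand-in for /tmp
        victim = os.path.join(d, "abc")
        name = os.path.join(d, "def")
        with open(victim, "wb") as fh:
            fh.write(b"important\n")
        os.symlink(victim, name)                # the situation from the post
        try:
            # The symlink is put back inside the window.
            rm_create_write(name, b"scratch\n", flags,
                            window=lambda: os.symlink(victim, name))
            outcome = "written"
        except FileExistsError:
            outcome = "refused"
        with open(victim, "rb") as fh:
            return fh.read(), outcome

if __name__ == "__main__":
    print("plain create:", demo(PLAIN))
    print("O_EXCL create:", demo(EXCL))
```

With the plain create, both "bail out" checks pass and abc is overwritten; with O_EXCL the create itself fails because the name already exists, symlink or not, and abc is left alone.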

