[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

MdI> just by looking at the name.

If program A writes file FILENAME and user1 and user2 can make (write)
symlinks 'FILENAME' then name of program A is not important. 

user1 creates symlink FILENAME to ~user2/.gnupg/file, 
then user2 starts program A and destroy his .gnupg/file, etc

this is security problem
... mpd playing: WASP - Scared To Death

. ''`. Dmitry E. Oboukhov
: :’  : unera@debian.org
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537

Attachment: signature.asc
Description: Digital signature

Reply to: