[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages



SM> A while ago, the use of libpam-tmpdir was suggested in order to mitigate
SM> some of these attacks. It would be nice to see it in use by default, some
SM> day.

SM> Obviously there will always be some programs that don't look at the
SM> TMPDIR environment variable and directly use /tmp.
write file to /tmp/filename == write file to $TMPDIR/filename
both cases are security holes if TMPDIR=/tmp :)

--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : unera@debian.org
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537

Attachment: signature.asc
Description: Digital signature


Reply to: