Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

EVL>>> The idea behind libpam-tmpdir is that it creates a subdirectory of /tmp
EVL>>> that is only accessible by that user, and then sets TMPDIR and other
EVL>>> variables to that. Hence, it doesn't matter nearly as much if you
EVL>>> create a non-random filename, because nobody but you can access it.
EVL>> Yes, but
EVL>> scripts must use $TMPDIR instead of '/tmp' or mktemp/tempfile utils :)
EVL> tempfile uses $TMPDIR by default :)

scripts must use $TMPDIR or _must_ _use_ mktemp/tempfile ;)

... mpd playing: U.D.O. - Animal House

. ''`. Dmitry E. Oboukhov
: :’  : unera@debian.org
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537

Attachment: signature.asc
Description: Digital signature
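
The rule argued for in this thread, as an added example that is not part of the original message or of any Debian package: a scratch file created with mktemp under $TMPDIR, plus a small audit helper that flags script lines writing to a literal /tmp path. The function names and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any Debian package.

# Create a scratch file the way the thread recommends: mktemp picks an
# unpredictable name under $TMPDIR (falling back to /tmp) and creates it
# exclusively with mode 0600, so a pre-planted symlink is never followed.
make_scratch() {
    mktemp "${TMPDIR:-/tmp}/${1:-scratch}.XXXXXXXXXX"
}

# Audit helper: print "line:text" for every non-comment line of a script
# that redirects output to a literal /tmp path (fixed names, names with $$).
find_fixed_tmp_writes() {
    grep -nE '>{1,2}[[:space:]]*"?/tmp/' "$1" | grep -vE '^[0-9]+:[[:space:]]*#'
}

# Constructed sample script: two risky writes, one comment, one safe write.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
echo "$data" > /tmp/report.tmp
sort input >> "/tmp/report.$$"
# old code wrote > /tmp/foo
out=$(mktemp) && echo "$data" > "$out"
EOF
}

# Run the audit over the constructed sample and clean up afterwards.
audit_demo() {
    sample=$(make_scratch sample) || return 1
    write_sample "$sample"
    find_fixed_tmp_writes "$sample"
    rm -f "$sample"
}

audit_demo
```

The redirection pattern is a heuristic: it does not see /tmp paths held in variables or passed as arguments to other programs.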