Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

To: debian-devel@lists.debian.org
Subject: Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
From: "Dmitry E. Oboukhov" <unera@debian.org>
Date: Tue, 12 Aug 2008 18:46:20 +0400
Message-id: <[🔎] 20080812144620.GE4657@work.uvw.ru>
In-reply-to: <[🔎] 48A19DD8.5030005@gmail.com>
References: <[🔎] E1KSRLo-0005hY-Fe@apache.rbscorp.ru> <[🔎] pan.2008.08.11.17.31.50@robots.org.uk> <[🔎] 20080812063807.GG28198@work.uvw.ru> <[🔎] 20080812141908.GB18972@crustytoothpaste.ath.cx> <[🔎] 20080812143017.GB4657@work.uvw.ru> <[🔎] 48A19DD8.5030005@gmail.com>

EVL>>> The idea behind libpam-tmpdir is that it creates a subdirectory of /tmp
EVL>>> that is only accessible by that user, and then sets TMPDIR and other
EVL>>> variables to that. Hence, it doesn't matter nearly as much if you
EVL>>> create a non-random filename, because nobody but you can access it.
EVL>> 
EVL>> Yes, but
EVL>> scripts must use $TMPDIR instead '/tmp' or mktemp/tempfile utils :)
EVL> tempfile uses $TMPDIR by default :)

sorry, 
scripts must use $TMPDIR or _must_ _use_ mktemp/tempfile ;)

--
... mpd playing: U.D.O. - Animal House

. ''`. Dmitry E. Oboukhov
: :’  : unera@debian.org
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
  - From: "John H. Robinson, IV" <jaqque@debian.org>

References:
- Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
  - From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
- Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
  - From: Sam Morris <sam@robots.org.uk>
- Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
  - From: "Dmitry E. Oboukhov" <unera@debian.org>
- Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
  - From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
- Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
  - From: "Dmitry E. Oboukhov" <unera@debian.org>
- Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
  - From: "Eugene V. Lyubimkin" <jackyf.devel@gmail.com>

Prev by Date: Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
Next by Date: Re: Can a package modify slapd.conf in its maintainer script?
Previous by thread: Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
Next by thread: Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
Index(es):
- Date
- Thread