Wouter Verhelst wrote: > Also, the symlink attack thing isn't just something I made up; > tmpreaper's REAME.Debian actually warns about that. It's not particularly hard to securely delete /tmp in single user mode, ie at boot. Just don't follow symlinks. Tmpreaper's potential for symlink attacks is entirely due to it being run in multiuser mode, which provides the potential for users to race it. Thankfully, tmpreaper is not included in the base system, although I would still prefer it not be included in Debian at all, because IMHO it's a security hole waiting to happen, as well as a Debian-specific fork that has now missed out on 14 years (!!!) of upstream development and, presumably, security improvements. http://bugs.debian.org/71251 -- see shy jo
Attachment:
signature.asc
Description: Digital signature