[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ITS: webfs (updated package)

fredag den  3 december 2010 klockan 15:39 skrev Jakub Wilk detta:
> * Mats Erik Andersson <mats.andersson@gisladisker.se>, 2010-12-03, 14:54:
>> In the particular case at hand, I am dealing with the removal of
>> a temporary file, used with mktemp at creation time, so one small
>> breach would be that a malicious intruded managed to find the file
>> name, and to delete said file, before the purge action came to its
>> conclusion.
> The intruder would need root privileges to remove the file, wouldn't he?

Whatever privileges the executor if the postinst is using. In practice
that would be root access. Thus a "theoretical" possibility as long as
the intruder does not find more important sabotage to attend to.

Your original objection stays impeccable.

Mats E A

Reply to: