Re: ITS: webfs (updated package)
fredag den 3 december 2010 klockan 15:39 skrev Jakub Wilk detta:
> * Mats Erik Andersson <mats.andersson@gisladisker.se>, 2010-12-03, 14:54:
>> In the particular case at hand, I am dealing with the removal of
>> a temporary file, used with mktemp at creation time, so one small
>> breach would be that a malicious intruded managed to find the file
>> name, and to delete said file, before the purge action came to its
>> conclusion.
>
> The intruder would need root privileges to remove the file, wouldn't he?
Whatever privileges the executor if the postinst is using. In practice
that would be root access. Thus a "theoretical" possibility as long as
the intruder does not find more important sabotage to attend to.
Your original objection stays impeccable.
Mats E A
Reply to: