Bug#496361: The possibility of attack with the help of symlinks in some Debian packages

To: 496361@bugs.debian.org
Cc: "Dmitry E. Oboukhov" <dimka@uvw.ru>
Subject: Bug#496361: The possibility of attack with the help of symlinks in some Debian packages
From: Thijs Kinkhorst <thijs@debian.org>
Date: Mon, 25 Aug 2008 09:52:10 +0200
Message-id: <[🔎] 200808250952.13340.thijs@debian.org>
Reply-to: Thijs Kinkhorst <thijs@debian.org>, 496361@bugs.debian.org

Hi Rene,

Rene Engelhard wrote:
> I so far thought mktemp was safe enough? (of course, we get
> senddoc.mutt.<number>, but...

mktemp is safe enough. I think Dmitry refers to lines 3 and 4 of that script:

echo "$@" > /tmp/log.obr.$$
echo "$#" >> /tmp/log.obr.$$

which I agree should not be there, probably leftover debug code?

cheers,
Thijs

Attachment: pgpjuDpY2Pttl.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#496361: The possibility of attack with the help of symlinks in some Debian packages
  - From: Rene Engelhard <rene@debian.org>

Prev by Date: Bug#496480: openoffice.org_1:3.0.0~ooo300m3-2(experimental/i386/demosthenes): gcj-dbtool: command not found
Next by Date: Bug#496361: The possibility of attack with the help of symlinks in some Debian packages
Previous by thread: Bug#496361: marked as done (The possibility of attack with the help of symlinks in some Debian packages)
Next by thread: Bug#496361: The possibility of attack with the help of symlinks in some Debian packages
Index(es):
- Date
- Thread