[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Preventing Symlink Attacks...


As suggested by Joey Shulze, I'd like input from people here on how to
deal with potential symlink attacks for my queuegraph package now in

Queuegraph is a simple script. It has a shell script which works out
Postfix queue statistics, then saves them in an rrd DB (in
/var/lib/queuegraph/ ). Seperately, a perl CGI script (in
/usr/lib/cgi-bin/ ) processes the rrd DB when called to generate RRD
graphs. I've made modifications to the tmp path in the CGI script to
store the generated .png graphs in /var/tmp/queuegraph/

What is the best way for me to protect from symlink attacks? Or should I
change this path to say /var/cache/queuegraph/ (as done in the bindgraph
package, which has similarities to my package)

Suggestions & thoughts welcome.  


Conall O'Brien

+353 (0)1 6535148 | sip:31313@blueface.ie 


Eagles may soar, but weazels don't get sucked into jet engines.

Attachment: signature.asc
Description: Digital signature

Reply to: