Hello,

As suggested by Joey Shulze, I'd like input from people here on how to deal with potential symlink attacks for my queuegraph package now in sid.

Queuegraph is a simple script. It has a shell script which works out Postfix queue statistics, then saves them in an rrd DB (in /var/lib/queuegraph/). Separately, a perl CGI script (in /usr/lib/cgi-bin/) processes the rrd DB when called to generate RRD graphs.

I've made modifications to the tmp path in the CGI script to store the generated .png graphs in /var/tmp/queuegraph/

What is the best way for me to protect from symlink attacks? Or should I change this path to say /var/cache/queuegraph/ (as done in the bindgraph package, which has similarities to my package)

Suggestions & thoughts welcome.

--
Conall O'Brien
+353 (0)1 6535148 | sip:31313@blueface.ie
http://www.conall.net
Eagles may soar, but weazels don't get sucked into jet engines.
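An added example, not part of the original message and not queuegraph code: one way a script can refuse to write graphs into a directory that another local user could tamper with, whichever path is chosen. It assumes the output directory is created at install time, owned by the user the script runs as, and that GNU `stat` is available; `check_outdir` and `write_graph` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not queuegraph code). Helper names are hypothetical.

# check_outdir DIR: succeed only if DIR is a real directory (not a symlink),
# owned by the user running this script, and not group- or world-writable.
check_outdir() {
    dir=$1
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2; return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "refusing: $dir is not a directory" >&2; return 1
    fi
    if [ ! -O "$dir" ]; then
        echo "refusing: $dir is not owned by this user" >&2; return 1
    fi
    mode=$(stat -c %a "$dir") || return 1        # octal mode, e.g. 755
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "refusing: $dir is group/world-writable (mode $mode)" >&2
        return 1
    fi
    return 0
}

# write_graph DIR NAME: copy stdin to DIR/NAME without following anything
# already present at that name.
write_graph() {
    dir=$1 name=$2
    check_outdir "$dir" || return 1
    case $name in
        */*|.*|'') echo "refusing: bad file name '$name'" >&2; return 1 ;;
    esac
    # mktemp creates a new file exclusively, so it never opens a planted link.
    tmp=$(mktemp "$dir/.graph.XXXXXX") || return 1
    # The rename replaces a symlink at the destination instead of writing
    # through it.
    cat > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dir/$name" && return 0
    rm -f "$tmp"
    return 1
}

# Usage (path from the message above):
#   some_graph_command | write_graph /var/cache/queuegraph mailqueue.png
```

The checks fail closed: a world-writable location such as a directory created on demand under /var/tmp is rejected unless it already exists with the expected owner and mode.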