Re: Uploaded devscripts 2.0.0 (source all) to master
> Julian Gilbey wrote:
> > * Now debchange works on a version of the changelog in /tmp and only
> > overwrites the current changelog if everything is OK; this is much
> > safer than the original version. Also, all system calls have their
> > return status checked
>
> Did you do this safely? I.e., did you protect against file in /tmp exploits?
debchange runs with no special privileges, so I haven't taken
precautions against /tmp exploits. What I will do, though, is to
disable debchange from running as root or setuid root for the next
release.
Julian
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Julian Gilbey Email: J.D.Gilbey@qmw.ac.uk
Dept of Mathematical Sciences, Queen Mary & Westfield College,
Mile End Road, London E1 4NS, ENGLAND
-*- Finger jdg@goedel.maths.qmw.ac.uk for my PGP public key. -*-
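
The approach discussed in this thread (edit a scratch copy, overwrite the real changelog only if every step succeeded, refuse to run as root), as an added Python example that is not debchange's own code. The function `update_changelog`, its parameters, and the use of `mkstemp` with a staged rename are assumptions made for illustration.

```python
import os
import tempfile

def update_changelog(path, edit, tmpdir=None, euid=None):
    """Run edit(scratch_path) on a private copy; replace path only on success."""
    euid = os.geteuid() if euid is None else euid
    if euid == 0:
        # Mitigation named in the reply: no running as root or setuid root.
        raise PermissionError("refusing to run as root or setuid root")
    with open(path, encoding="utf-8") as f:
        original = f.read()
    # mkstemp uses O_CREAT|O_EXCL, mode 0600 and an unpredictable name, so a
    # file or symlink planted in /tmp beforehand is never opened or followed.
    fd, scratch = tempfile.mkstemp(prefix="changelog.", dir=tmpdir)
    staged = None
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            f.write(original)
        edit(scratch)  # e.g. launch an editor; any exception aborts the update
        with open(scratch, encoding="utf-8") as f:
            updated = f.read()
        if not updated.strip():
            raise ValueError("edited changelog is empty")
        # /tmp may be a different filesystem, so stage beside the target and
        # let os.replace() swap the file in with one atomic rename.
        target_dir = os.path.dirname(os.path.abspath(path))
        sfd, staged = tempfile.mkstemp(prefix=".changelog.", dir=target_dir)
        with os.fdopen(sfd, "w", encoding="utf-8") as f:
            f.write(updated)
            f.flush()
            os.fsync(f.fileno())
        os.chmod(staged, os.stat(path).st_mode & 0o777)
        os.replace(staged, path)
        staged = None
        return updated
    finally:
        # Runs on success and failure: never leave scratch files behind.
        for leftover in (scratch, staged):
            if leftover and os.path.exists(leftover):
                os.unlink(leftover)
```

The `euid` parameter exists so the root check can be exercised without actually being root; normal callers leave it unset.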