Re: Uploaded devscripts 2.0.0 (source all) to master

To: Debian Developerslist <debian-devel@lists.debian.org>
Subject: Re: Uploaded devscripts 2.0.0 (source all) to master
From: martin@internet-treff.uni-koeln.de (Martin Bialasinski)
Date: 07 Jan 1999 23:43:24 +0100
Message-id: <[🔎] m0zyO9E-0003kCC@haitech.martin.home>
In-reply-to: James Troup's message of "07 Jan 1999 22:26:56 +0000"
References: <[🔎] m0zyN4S-000InqC@polya> <[🔎] 874sq2iurz.fsf@nocrew.org>

>> "JT" == James Troup <james@nocrew.org> writes:

JT> jdg@maths.qmw.ac.uk (Julian Gilbey) writes:
>> debchange runs with no special privileges, so I haven't taken
>> precautions against /tmp exploits.

JT> *bang *bang *bang* *bang*

JT> FFS, What kind of attitude is that?  Oh, I was only running as
JT> non-root, so the fact someone hosed a critically file to my life,
JT> is no problem whatsoever?

I am also not sure what the problem is. Somone pointed out, that if
the situation is:

cd /tmp
touch abc
ln -s abc def

then writing to def would host abc. Ok so far.

I would program this so:

rm def
if not successfull then bail out
create def
if not successfull than bail out
write to def

Is this unsave? Why?

Ciao,
	Martin

Reply to:

Follow-Ups:
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: Ben Collins <bmc@it.larc.nasa.gov>
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: Joey Hess <joey@kitenet.net>

References:
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: jdg@maths.qmw.ac.uk (Julian Gilbey)
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: James Troup <james@nocrew.org>

Prev by Date: PROPOSAL: dpkg-logger and related
Next by Date: Re: Uploaded devscripts 2.0.0 (source all) to master
Previous by thread: Re: Uploaded devscripts 2.0.0 (source all) to master
Next by thread: Re: Uploaded devscripts 2.0.0 (source all) to master
Index(es):
- Date
- Thread