Re: Uploaded devscripts 2.0.0 (source all) to master
>> "JT" == James Troup <james@nocrew.org> writes:
JT> jdg@maths.qmw.ac.uk (Julian Gilbey) writes:
>> debchange runs with no special privileges, so I haven't taken
>> precautions against /tmp exploits.
JT> *bang* *bang* *bang* *bang*
JT> FFS, What kind of attitude is that? Oh, I was only running as
JT> non-root, so the fact someone hosed a file critical to my life
JT> is no problem whatsoever?
I am also not sure what the problem is. Someone pointed out that if
the situation is:

    cd /tmp
    touch abc
    ln -s abc def

then writing to def would hose abc. OK so far.

I would program this so:

    rm def
    if not successful then bail out
    create def
    if not successful then bail out
    write to def

Is this unsafe? Why?

Ciao,
Martin
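
The sequence asked about above, replayed as an added example that is not part of the thread or of devscripts: the name def comes back as a symlink to abc in the gap between the rm and the create, and the create step is tried once as a plain open() and once with O_EXCL, which makes "create only if the name does not exist" a single atomic step. The function name, directory name and file contents are constructed for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replays "rm def; create def; write to def" in a private mkdtemp() directory
 * (constructed sample data), with def reappearing as a symlink to abc between
 * the rm and the create. extra_flags is added to the create step's open().
 * Returns abc's size afterwards: 9 = untouched, 7 = overwritten, -1 = setup error. */
long abc_size_after_write(int extra_flags)
{
    char dir[] = "/tmp/symrace-demo-XXXXXX", abc[64], def[64];
    struct stat st;
    long result = -1;
    int fd;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(abc, sizeof abc, "%s/abc", dir);
    snprintf(def, sizeof def, "%s/def", dir);
    fd = open(abc, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) goto out;
    if (write(fd, "important", 9) != 9) { close(fd); goto out; }
    close(fd);
    /* "rm def": ENOENT only means there was nothing to remove. */
    if (unlink(def) != 0 && errno != ENOENT) goto out;
    /* The gap: rm succeeded, but the name exists again before the create. */
    if (symlink("abc", def) != 0) goto out;
    /* "create def" and "write to def": without O_EXCL this follows the link. */
    fd = open(def, O_WRONLY | O_CREAT | O_TRUNC | extra_flags, 0600);
    if (fd >= 0) {
        ssize_t n = write(fd, "scratch", 7);
        close(fd);
        if (n != 7) goto out;
    }
    if (stat(abc, &st) == 0) result = (long)st.st_size;
out:
    unlink(def); unlink(abc); rmdir(dir);
    return result;
}

int main(void)
{
    printf("plain create: abc is %ld bytes; with O_EXCL: abc is %ld bytes\n",
           abc_size_after_write(0), abc_size_after_write(O_EXCL));
    return 0;
}
```

With O_EXCL the open() fails with EEXIST when the name exists in any form, symlink included, so the caller can bail out instead of writing through the link; mkstemp(3) combines the same flag with an unpredictable name.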