[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Sheflug Meeting / AccessSpace NIS



On Mon, 2 Apr 2001, Matthew Palmer wrote:

> > The two vulnerabilities I refer to (The DEADJOE problem and reading .joerc
> > from cwd) are not so much things to be fixed, as things it makes no sense
> > to do in the first place.
>
> Reading .joerc from pwd is a good thing under a great many circumstances -
> for instance, if you want to enforce certain code style rules for a project,
> you can put a .joerc for that directory.

Theoretically yes. In practice no. It may be convenient now but next time
you edit a file as root it may not be so convenient.
And the DEADJOE problem is basically a temp file attack (in essence).

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.