
Re: [Sheflug] Sheflug Meeting / AccessSpace NIS



On Mon, Apr 02, 2001 at 12:47:23PM +0100, Will Newton wrote:
> > > The two vulnerabilities I refer to (The DEADJOE problem and reading .joerc
> > > from cwd) are not so much things to be fixed, as things it makes no sense
> > > to do in the first place.
> >
> > Reading .joerc from pwd is a good thing under a great many circumstances -
> > for instance, if you want to enforce certain code style rules for a project,
> > you can put a .joerc for that directory.
> 
> Theoretically yes. In practice no. It may be convenient now but next time
> you edit a file as root it may not be so convenient.
> And the DEADJOE problem is basically a temp file attack (in essence).

But both attacks are local attacks - they only count if you have a machine
with untrusted users. And even then, only in limited circumstances (it's
harder than a temp file attack, in the case of DEADJOE). Not something
that's going to keep me awake at night...

I seem to also recall you were the one giving people heat for criticising
Redhat's ridiculous release of 7.0, the Linux distro which gave us the
Ramen worm, the Lion worm and two weeks' uptime... I don't remember you
calling them 'schoolboys' :)

Controversially yours :)

Alex.
-- 
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.