[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Sheflug Meeting / AccessSpace NIS



On Tue, Apr 03, 2001 at 04:41:25PM +0100, Will Newton wrote:
> > That is, potentially, a more serious problem, since DEADJOE is created in
> > the directory of the edited file, and (occasionally) root may want to edit
> > files in /tmp.  Creating a DEADJOE file, however, is still better than
> > losing a chunk of typed text when the modem link dies.  A little more
> > thought just needed to be put into the creation of the DEADJOE files.
> > Exploiting that error, too, is a *lot* more difficult - it's basically a
> > case of random chance that the root user is the one who is editing a file
> > in a publically writable directory when the editor receives a deadly signal
> > (which, incidentally, ordinary users can't send to that process).
> 
> man mkstemp

mkstemp?? That's not the fix, and it's certainly not an exploit. Do you
actually understand the advisory on SF? 

Cheers,

Alex.
-- 
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.