[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] Sheflug Meeting / AccessSpace NIS
On Tue, Apr 03, 2001 at 04:41:25PM +0100, Will Newton wrote:
> > That is, potentially, a more serious problem, since DEADJOE is created in
> > the directory of the edited file, and (occasionally) root may want to edit
> > files in /tmp. Creating a DEADJOE file, however, is still better than
> > losing a chunk of typed text when the modem link dies. A little more
> > thought just needed to be put into the creation of the DEADJOE files.
> > Exploiting that error, too, is a *lot* more difficult - it's basically a
> > case of random chance that the root user is the one who is editing a file
> > in a publically writable directory when the editor receives a deadly signal
> > (which, incidentally, ordinary users can't send to that process).
>
> man mkstemp
mkstemp?? That's not the fix, and it's certainly not an exploit. Do you
actually understand the advisory on SF?
Cheers,
Alex.
--
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.