|
From: | Chet Ramey |
Subject: | Re: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack) |
Date: | Mon, 05 Jan 2009 10:46:22 -0500 |
User-agent: | Thunderbird 2.0.0.19 (Macintosh/20081209) |
Roman Rakus wrote: > Roman Rakus wrote: >> References: >> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5374 >> http://lists.debian.org/debian-devel/2008/08/msg00347.html >> http://uvw.ru/report.sid.txt >> >> >> >> Attaching patch. Changed to use mktemp. >> RR > Attached a bit improved patch. > What do you think about it Chet? I have not had a chance to look at these yet. Chet -- ``The lyf so short, the craft so long to lerne.'' - Chaucer Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/
[Prev in Thread] | Current Thread | [Next in Thread] |