severity 496424 wishlist
retitle 496424 Generate temporary directory with mktemp
thanks

Dmitry E. Oboukhov wrote:
> Package: firehol
> Severity: grave
> 
> Hi, maintainer!

> Even if you create files or directories with the help of the function
> 'RANDOM' or pid(), your system is not protected. An attacker can create
> many symlinks in order to destroy your data or create a 'denial of
> service' for your package scripts.

This is a false positive: firehol generates its temporary directory
with FIREHOL_DIR="/tmp/.firehol-tmp-$$-${RANDOM}-${RANDOM}", which
would require an attacker to create 1073741824*PID-RANGE symlinks.

Using mktemp would certainly be a cleaner solution, though.
As such I'm retitling the bug for now.

Cheers,
        Moritz
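
The mktemp approach mentioned in the message above, as an added example that is not part of the original mail or of firehol's own code. The function names and the `firehol-tmp` template are assumptions made for illustration; `claim_dir` shows the property that matters when a script must use a caller-chosen name instead.

```shell
#!/bin/sh
# Added illustration; make_workdir, check_workdir and claim_dir are
# hypothetical helper names, not firehol functions.

# Create a private scratch directory. mktemp -d chooses the random suffix
# itself, creates the directory atomically with mode 0700, and never reuses
# a path that already exists (regular file, directory or symlink).
make_workdir() {
    base="${TMPDIR:-/tmp}"
    dir=$(mktemp -d "${base}/firehol-tmp.XXXXXXXXXX") || return 1
    printf '%s\n' "$dir"
}

# Confirm that a path is a real directory (find does not follow a symlink
# given on the command line), owned by the current user, with mode 0700.
check_workdir() {
    [ -n "$(find "$1" -prune -type d -user "$(id -u)" -perm 700 -print 2>/dev/null)" ]
}

# When the name is chosen by the script (PID, $RANDOM, ...), use plain mkdir
# without -p: it fails with "File exists" if anything, including a dangling
# symlink, already occupies the name, so the script can stop instead of
# writing through a path somebody else prepared.
claim_dir() {
    ( umask 077 && mkdir -- "$1" ) 2>/dev/null || return 1
    check_workdir "$1"
}

# Typical use in a script:
#   FIREHOL_DIR=$(make_workdir) || exit 1
#   trap 'rm -rf "$FIREHOL_DIR"' EXIT
```
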


