Marc Haber [EMAIL PROTECTED] writes:
On Tue, Apr 17, 2007 at 03:28:44AM +0200, Goswin von Brederlow wrote:
/nonexistant/aide.db or /usr/lib/aid/nonexistant/aide.db.
* Change sysconfdir in configure call to
/var/lib/aide/please-dont-call-aide-without-parameters
to no longer point
Marc Haber [EMAIL PROTECTED] writes:
On Sun, Apr 15, 2007 at 03:21:13PM +0200, Goswin von Brederlow wrote:
aide uses a very predictable name in tmp (/tmp/empty/aide.db) with the
assumption that it will give an error because the file does not exist.
A malicious user can easily create
On Tue, Apr 17, 2007 at 03:28:44AM +0200, Goswin von Brederlow wrote:
/nonexistant/aide.db or /usr/lib/aid/nonexistant/aide.db.
* Change sysconfdir in configure call to
/var/lib/aide/please-dont-call-aide-without-parameters
to no longer point to a world writeable location and to give a
On Sun, Apr 15, 2007 at 03:21:13PM +0200, Goswin von Brederlow wrote:
aide uses a very predictable name in tmp (/tmp/empty/aide.db) with the
assumption that it will give an error because the file does not exist.
A malicious user can easily create /tmp/empty and place a dummy db in
there and
4 matches
Mail list logo