Hi all,

I have set up a basic package for scannedonly. I don't intend to upload it yet, as:
- I have to test it more carefully (basic function works)
- I will only upload it if I use it myself

It's here: http://anonscm.debian.org/gitweb/?p=pkg-samba/scannedonly.git

Bastien ROUCARIES said:
> Ok I understand but it is insecure at least create a random secret
> extension. And filter this extension. A malicious user could try to
> race with the daemon, creating a .scanned file and an infected file.
> Sometimes it will succeed and the file will be declared sane whereas it
> is not sane.

I have tested and couldn't do as you said:
- the file is prefixed with ".scanned:"; as it contains ":", it can't be routed through cifs (I tested with smbclient)
- the ".scanned:FILENAME" file is checked for mtime (mtime should be later than mtime of FILENAME)

Please provide a real exploit.

PS: I'm cc-ing pkg-samba, for info and feedback.

Regards
--
Mathieu Parent
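
Added example, not part of the original message and not scannedonly's own code: a sketch of the marker check described above, where a file counts as scanned only if ".scanned:FILENAME" exists with an mtime later than FILENAME's. The helper names, the marker living in the same directory as the file, and the strict comparison are assumptions; the sample files are constructed.

```python
import os
import tempfile

MARKER_PREFIX = ".scanned:"  # prefix quoted in the message


def marker_path(path):
    """Marker for FILENAME is ".scanned:FILENAME" (same directory is assumed)."""
    directory, name = os.path.split(path)
    return os.path.join(directory, MARKER_PREFIX + name)


def is_marked_clean(path):
    """True only if the marker exists and its mtime is later than the file's."""
    try:
        file_mtime = os.stat(path).st_mtime_ns
        mark_mtime = os.stat(marker_path(path)).st_mtime_ns
    except FileNotFoundError:
        return False  # no marker (or no file): treat as not scanned
    return mark_mtime > file_mtime  # assumption: strictly later


def demo():
    """Build three constructed cases in a temp dir and return their verdicts."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        def make(name, file_time, marker_time=None):
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("constructed sample\n")
            os.utime(p, (file_time, file_time))
            if marker_time is not None:
                m = marker_path(p)
                open(m, "w").close()
                os.utime(m, (marker_time, marker_time))
            results[name] = is_marked_clean(p)

        make("scanned.txt", 1000, 2000)   # marker newer than the file
        make("modified.txt", 3000, 2000)  # file changed after it was marked
        make("unscanned.txt", 1000)       # never marked
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'marked clean' if ok else 'not marked clean'}")
```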