On Sun, Nov 20, 2005 at 10:13:00PM +0100, Bill Allombert wrote:
> However I am not sure this is a security bug:
> The original script creates a file named tempfile in the current
> directory, not in /tmp.
> Would you consider this script to have a security hole?

> #!/bin/sh
> cat "$1" > tempfile
> mv tempfile "$2"

Yes, because the tool may be run in an untrusted directory that can be
written to by an attacker.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
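The point made in the reply, as an added example that is not part of the original message: copy_unsafe reproduces the quoted script, copy_safe is one hardened form built on mktemp -d, and symlink_followed is a constructed check run in a scratch directory. All function and file names here are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Names are hypothetical.

# The quoted script: a fixed name "tempfile" in the current directory.
# If that name already exists as a symlink, the redirection follows it.
copy_unsafe() {
    cat "$1" > tempfile
    mv tempfile "$2"
}

# Hardened form: stage the data in a private directory (mode 0700, random
# name) created by mktemp -d under $TMPDIR, never in the current directory.
copy_safe() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/copy.XXXXXX") || return 1
    cat "$1" > "$dir/data" && mv "$dir/data" "$2"
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Constructed check: run the given copy function in a scratch directory
# where "tempfile" already exists as a symlink to protected.txt.
# Returns 0 if protected.txt was modified, 1 if it was left untouched.
symlink_followed() {
    work=$(mktemp -d "${TMPDIR:-/tmp}/symcheck.XXXXXX") || return 2
    (
        cd "$work" || exit 2
        printf 'original\n' > protected.txt
        printf 'new data\n' > input.txt
        ln -s protected.txt tempfile
        "$1" input.txt output.txt
        [ "$(cat protected.txt)" != "original" ]
    )
    rc=$?
    rm -rf "$work"
    return $rc
}

for f in copy_unsafe copy_safe; do
    if symlink_followed "$f"; then
        echo "$f: wrote through the pre-existing symlink"
    else
        echo "$f: pre-existing symlink left alone"
    fi
done
```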