On Mon, Aug 25, 2008 at 11:09:02 +0200, Julien Valroff wrote:

> I think rkhunter is safe, given that the script does check that the file
> in /tmp is a file (and not a symlink) before using it:
> 
>         if [ "$1" = "--debug" ]; then
>                 if [ -e "/tmp/rkhunter-debug" ]; then
>                         if [ -f "/tmp/rkhunter-debug" -a ! -h "/tmp/rkhunter-debug" ]; then
>                                 rm -f /tmp/rkhunter-debug >/dev/null 2>&1
>                         else
>                                 echo "Cannot use '--debug' option. /tmp/rkhunter-debug already exists, but it is not a file."
>                                 exit 1
>                         fi
>                 fi
>         fi
> 
> Would you please confirm this is ok so that I can close this bug?
> 
This isn't ok.  Your script is still vulnerable to a race condition (if
the symlink is created between when you check for it and when you use
it).

Cheers,
Julien
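One way to close the check-then-use window discussed above, as an added example that is not part of rkhunter or of this thread: instead of testing a fixed, predictable name in /tmp and then acting on it, let mktemp create a fresh file exclusively (O_CREAT|O_EXCL) under an unpredictable name, so there is no path for another local user to pre-create as a symlink between the test and the write. The function names are hypothetical; the example assumes a POSIX sh with a mktemp that accepts a template argument.

```sh
#!/bin/sh
# Added example, not rkhunter's own code: create a per-run debug file
# without a window between "check the name" and "use the name".

debug_file_create() {
    # Restrict the file to the current user from the instant it exists.
    umask 077
    # mktemp replaces XXXXXX with random characters and creates the file
    # with O_CREAT|O_EXCL; it fails rather than reusing an existing name,
    # so a pre-placed symlink cannot be followed.
    tmpfile=$(mktemp "${TMPDIR:-/tmp}/rkhunter-debug.XXXXXX") || return 1
    # Defence in depth: confirm we hold a regular file, not a symlink.
    # mktemp guarantees this; the check records the invariant we rely on.
    if [ ! -f "$tmpfile" ] || [ -h "$tmpfile" ]; then
        rm -f "$tmpfile"
        return 1
    fi
    # Only now write to the path, which was created exclusively by us.
    printf 'rkhunter debug output\n' > "$tmpfile" || return 1
    # Return the unpredictable name so the caller can report or reuse it.
    printf '%s\n' "$tmpfile"
}

# Contrast with the quoted script: once a fixed name such as
# /tmp/rkhunter-debug is used, [ -f "$f" -a ! -h "$f" ] can succeed and
# "$f" can still be swapped for a symlink before the next command runs.
# No test on a fixed name closes that window; only exclusive creation does.

debug_file_cleanup() {
    # rm unlinks the name itself (it never follows a symlink to its target),
    # so removing the file we created is safe.
    rm -f "$1"
}
```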


