Package: firehol
Version: 1.214-3
Severity: grave
Tags: security

I'm afraid that recent fixes still missed some unsafe temporary
directory uses in firehol. In firehol-lib.sh I see:

        ${CAT_CMD} /proc/config >/tmp/kcfg.$$

Upstream patched this here:
http://cvs.sourceforge.net/viewcvs.py/firehol/firehol/firehol.sh?r1=1.224&r2=1.225&diff_format=u
The other parts of that patch, which add ${RANDOM} to filenames, do not
seem to actually add security.

This may or may not still be part of CAN-2005-0225; the CAN is not
sufficiently clear to tell.

-- 
see shy jo
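
The pattern quoted in the report next to a `mktemp`-based replacement, as an added example that is not part of the original report or of firehol's code. The function names and the sandbox layout are assumptions: a private directory stands in for /tmp and a constructed file stands in for /proc/config.

```sh
#!/bin/sh
# Added example. write_config_unsafe / write_config_safe / demo are hypothetical names.

# Pattern from the report: PID-based name, opened with a plain redirect.
# A redirect follows an existing symlink, so whoever created the name first
# decides which file receives the data. Appending ${RANDOM} only widens the
# guess to 32768 names; the open itself is unchanged.
write_config_unsafe() {   # $1 = shared dir, $2 = source file
    cat "$2" >"$1/kcfg.$$"
}

# Hardened form: mktemp -d creates a new mode-0700 directory with an
# unpredictable name and fails instead of reusing an existing path, so
# nothing pre-planted can sit inside it.
write_config_safe() {     # $1 = shared dir, $2 = source file; prints the file path
    dir=$(mktemp -d "$1/firehol.XXXXXXXXXX") || return 1
    cat "$2" >"$dir/kcfg" || return 1
    printf '%s\n' "$dir/kcfg"
}

# Constructed demonstration, confined to a throwaway sandbox.
# Returns 0 when the unsafe form overwrote the symlink target and the safe form did not.
demo() {
    sandbox=$(mktemp -d) || return 1
    printf 'CONFIG_SAMPLE=y\n' >"$sandbox/config"      # stand-in for /proc/config
    printf 'important\n' >"$sandbox/victim"            # file another user should not be able to alter
    mkdir "$sandbox/shared"                             # stand-in for /tmp
    ln -s "$sandbox/victim" "$sandbox/shared/kcfg.$$"   # predictable name already present

    write_config_unsafe "$sandbox/shared" "$sandbox/config"
    after_unsafe=$(cat "$sandbox/victim")

    printf 'important\n' >"$sandbox/victim"             # reset, then try the hardened form
    out=$(write_config_safe "$sandbox/shared" "$sandbox/config") || return 1
    after_safe=$(cat "$sandbox/victim")
    written=$(cat "$out")

    rm -rf "$sandbox"
    [ "$after_unsafe" = "CONFIG_SAMPLE=y" ] &&
        [ "$after_safe" = "important" ] &&
        [ "$written" = "CONFIG_SAMPLE=y" ]
}

demo && echo "plain redirect overwrote the symlink target; mktemp version left it intact"
```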
