On Wed, Oct 10, 2007 at 06:03:02PM +0000, Ganael LAPLANCHE wrote: > On Mon, 08 Oct 2007 20:02:42 +0200, Pierre Habouzit wrote > > > IMHO the best fix is to have in your "runtime" file sth like: > > [...] > > Hi again Pierre, > > I am still working on patching the scripts. This will lead to a 'security > release' named 1.7.1, quite soon (I hope). > > Binding is Ok, I will use a file containing the password (no more $BINDPWD > variable) and ldap commands' -y option. Anyway, I still think this 'flaw' > should > also be patched at openldap level when possible (setproctitle(3)). > > I still wonder if it is a good idea to use a temporary file for sed scripts. > Trap is good, but what if the server crashes ? Is it better to be able to > watch > sed expressions during a few seconds with ps or to leave orphan temporary > files > on the disk forever ? Any idea ?
If the server crash, then it will be rebooted, and /tmp is cleansed at boot time, so no worries here. -- ·O· Pierre Habouzit ··O [EMAIL PROTECTED] OOO http://www.madism.org
pgpWjiHET27Ii.pgp
Description: PGP signature
