In the last episode (Jun 13), void said: > I cvsupped -STABLE yesterday, and I was just running mergemaster when I > saw: > > # Remove X lock files, since they will prevent you from restarting X11 > # after a system crash. > # > -rm -f /tmp/.X*-lock /tmp/.X11-unix/* > +rm -f /tmp/.X*-lock > +rm -fr /tmp/.X11-unix > > Aren't both the old and new versions vulnerable to symlink attacks?
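Review bot: the comment above the new `rm -fr /tmp/.X11-unix` line still says only "Remove X lock files", but that line now deletes the whole socket directory (or a symlink left under that name), so the comment should say so. Nothing visible in the hunk recreates /tmp/.X11-unix afterwards; if no later step does, the name stays unclaimed in a world-writable /tmp until X starts, so consider recreating it as a root-owned directory with mode 1777 right after the removal.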
From the manpage:

     The rm utility removes symbolic links, not the files referenced by the links.

If rm -rf is passed the name of a symlink to a directory, only the symlink is removed. The old version was vulnerable to someone symlinking .X11-unix to, say, /etc.

-- 
Dan Nelson
[EMAIL PROTECTED]
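The behaviour described in the reply can be checked in a throwaway directory. This is an added example, not part of the original thread: the function names, the `victim` directory (standing in for /etc) and the `tmp` directory (standing in for /tmp) are constructed for the demonstration.

```shell
#!/bin/sh
# Added demonstration, not from the thread. Everything happens inside a
# mktemp sandbox: "victim" stands in for /etc, "tmp" stands in for /tmp.

# Cleanup line as it was before the change ($1 = the stand-in for /tmp).
old_cleanup() {
    # The shell expands .X11-unix/* THROUGH the symlink, so rm receives
    # the paths of the files inside the link's target.
    rm -f "$1"/.X*-lock "$1"/.X11-unix/*
}

# Cleanup lines after the change.
new_cleanup() {
    rm -f "$1"/.X*-lock
    # rm is handed the symlink's own name, so only the link is unlinked.
    rm -fr "$1/.X11-unix"
}

# victim_survives <old|new>
# Builds a fresh sandbox where .X11-unix is a symlink to "victim", runs the
# chosen cleanup, and returns 0 if the file behind the link is still there.
victim_survives() {
    box=$(mktemp -d) || return 2
    mkdir "$box/victim" "$box/tmp"
    echo "important" > "$box/victim/passwd"
    ln -s "$box/victim" "$box/tmp/.X11-unix"

    "${1}_cleanup" "$box/tmp"

    if [ -f "$box/victim/passwd" ]; then rc=0; else rc=1; fi
    rm -rf "$box"
    return "$rc"
}

for version in old new; do
    if victim_survives "$version"; then
        echo "$version cleanup: file behind the symlink is intact"
    else
        echo "$version cleanup: file behind the symlink was deleted"
    fi
done
```
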