Bart Smaalders wrote:
http://cr.opensolaris.org/~barts/bug-539/
In license.py, I'm a little concerned about the possibility of a malicious person being able to create the license file in advance as a symlink to (say) /etc/passwd.
_If_ that were possible, then it appears that the code would blindly overwrite the linked file.
Should we check to see if 'path' exists before use and if it does, perform some rudimentary checks on it?
Otherwise, looks ok. Trev
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
