On Wed, Jan 30, 2008 at 04:11:44PM +0100, Till Maas wrote: > On Wed January 30 2008, Stefan Seyfried wrote: > > > If somebody managed to get a symlink where the logfile should be, you are > > fscked. So i think this is less secure. > > And what if somebody gets /usr/lib/pm-utils/bin/pm-action to be an arbitrary > binary? Then you are fscked, too.
But you might need to subvert another part of the system to accomplish this. Being paranoid, it is always a good idea to at least make sure that there is no symlink where you want to create your file. The easiest way to accomplish this is to remove it before. If selinux cannot cope with that, that's a selinux problem. Fix it there. > I do not see the point, how changing the > logfile is easier than changing any other component of pm-utils. It depends on what service you can get to act up. Additional paranoia is always good. :-) -- Stefan Seyfried R&D Team Mobile Devices | "Any ideas, John?" SUSE LINUX Products GmbH, Nürnberg | "Well, surrounding them's out." This footer brought to you by insane German lawmakers: SUSE Linux Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) _______________________________________________ Pm-utils mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/pm-utils
