Hi Victor, thanks for the nice release.

2008/10/4 Victor Lowther <[EMAIL PROTECTED]>:
> 1.2.1 Release Announcement
> * pm-utils has support for saving quirks as a HAL FDI file. If
>   called with --store-quirks-as-fdi, an .fdi file specific to the
>   machine and quirks passed on the command line will be written
>   to /tmp/pm-utils-created.fdi.

This sounds dangerous, looks like insecure tmp file usage. A malicious attacker could create a symlink and this way trick you into overwriting important files.

I see three possibilities:
1.) Use mktemp to create a random name (and tell the user the name).
2.) Store the file in /etc/hal/fdi, isn't it intended for that anyway?
3.) Dump the fdi file to stdout.

Cheers,
Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
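
Added example, not part of the original message and not pm-utils code: a shell sketch contrasting the fixed /tmp name from the announcement with options 1 and 3 above, checked against a pre-existing symlink inside a private scratch directory. The function names and the sample FDI body are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; function names and the FDI body are hypothetical.

# Constructed stand-in for the quirk data that would be saved.
fdi_body() {
    printf '%s\n' '<?xml version="1.0" encoding="UTF-8"?>' \
        '<deviceinfo version="0.2"><!-- constructed sample --></deviceinfo>'
}

# Pattern from the announcement: fixed, predictable name in a shared
# directory. The shell's ">" follows an existing symlink, so the data
# is written to whatever the link points at.
store_fdi_fixed() {   # $1 = directory standing in for /tmp
    fdi_body > "$1/pm-utils-created.fdi"
}

# Option 1: mktemp creates the file itself (exclusive create, mode 0600)
# under an unpredictable name; the name is reported to the caller.
store_fdi_mktemp() {  # $1 = directory standing in for /tmp
    out=$(mktemp "$1/pm-utils-created.XXXXXX") || return 1
    fdi_body > "$out" || return 1
    printf '%s\n' "$out"
}

# Option 3: no file at all; the caller decides where the output goes.
store_fdi_stdout() {
    fdi_body
}

# Returns 0 if a file reachable through a pre-existing symlink named
# pm-utils-created.fdi is still intact after running store function $1.
survives() {
    sandbox=$(mktemp -d) || return 2
    printf 'important\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/pm-utils-created.fdi"
    "$1" "$sandbox" > /dev/null
    if grep -q '^important$' "$sandbox/victim"; then rc=0; else rc=1; fi
    rm -rf "$sandbox"
    return "$rc"
}

for fn in store_fdi_fixed store_fdi_mktemp store_fdi_stdout; do
    if survives "$fn"; then
        echo "$fn: link target untouched"
    else
        echo "$fn: link target overwritten"
    fi
done
```
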
