On Sun, Apr 25, 2010 at 2:59 PM, Nathan O'Treally <not.rea...@online.de> wrote: > On 25 Apr., 19:07, Gonzalo Tornaria <torna...@math.utexas.edu> wrote: > This is actually a security issue, too. (Imagine e.g. a Sage bdist was > compiled in /tmp: Everybody could place arbitrary code in a fake > library there. Or he could even look into the Sage binary and find > "appropriate" directories to create and put malware libs into.)
Yikes! You are right... :-( >> I hope that somebody has a better idea of how to fix this bug. > > At least chmod og-r on all binaries, too (on a multiuser/open system). I don't see how that fixes anything (that isn't fixed by just moving away the build directory or building in a random location). > Did you open a ticket for that? No, I didn't. I hoped to get some comments before. Gonzalo -- To post to this group, send an email to sage-devel@googlegroups.com To unsubscribe from this group, send an email to sage-devel+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/sage-devel URL: http://www.sagemath.org