> > Likewise, having a "hardened" config.guess file would not necessarily
> > prevent symlink attacks, but it'll definitely make it much harder for an
> > attacker to exploit it, even if the admin is sloppy.
>
>An attacker is hardly likely to distribute a "hardened" config.guess
Of course the att
On Fri, Jun 07, 2002 at 04:50:23PM -0400, Lawrence Teo wrote:
> My point is, if config.guess can be hardened against such potential symlink
> attacks, why shouldn't it be? Of course, it would be great to educate all
> admins not to build stuff as root. But it would also be a responsible thing
>
Dear Allan,
I agree with you on many points but I still think this is an issue.
Yes, people like you and me don't build stuff as root, because we're aware
of the security issues behind this. However, "normal" users like newbie
admins probably don't.
Yes, standard users cannot overwrite /etc/p
Allan Clark wrote:
>
> This is really not an issue;
There are a lot of sloppy people around.
I had a make check test divert its output to /dev/null,
only the test also changed the permissions of the output
file, too. Someone complained that /dev/null became r--r--r--.
It might be useful to chok
This is really not an issue; standard users cannot overwrite /etc/passwd
You don't compile/install unknown software as root, do you? If so, then
my configure file says this:
date > /etc/passwd
Sure, this could be replaced with a hashed random name, but the same
vulnerability remains. Don't b
ATTN: PRESIDENT/CEO
DEAR FRIEND,
I AM MRS. SESE-SEKO WIDOW OF LATE PRESIDENT MOBUTU
SESE-SEKO OF ZAIRE? NOW KNOWN AS DEMOCRATIC REPUBLIC
OF CONGO (DRC). I AM MOVED TO WRITE YOU THIS LETTER,
THIS WAS IN CONFIDENCE CONSIDERING MY PRESENT
CIRCUMSTANCE AND SITUATION.
I ESCAPED ALO
i'm on hp-ux 11.00 and have autoconf 2.50 and automake 1.5.
i have following Makefile.am:
Makefile.am:
bin_PROGRAMS = test
test_SOURCES = test.c
test_LDADD = $(LIBTEST)
lib_LIBRARIES = libtest1.a libtest2.a
libtest1_a_SOURCES = test1.c
libtest2_a_SOURCES = test2.c
depending on the ope
Íƹ㼼Êõ£¬Àû¹úÀûÃñ
http://www.dsxx.net/8156171/zh1966.htm
ÒªÖ¸»£¬Ñ§¼¼Êõ£¬ÕâÊÇ˶¼¶®µÃµÄµÀÀí¡£µ«Èç½ñµÄ¼¼ÊõÊг¡¼Û¸ñ°º¹ó£¬Ê¹ÈËÍû¶øÉúη¡£¶øÇÒ¼¼ÊõÊг¡ÓãÁú»ìÔÓ
£¬ÓÖ²»ÖªµÀÄܲ»ÄÜѧµ½ÕæÕýµÄ¼¼Êõ¡£
ÏÖÔÚºÃÁË£¬È¨Íþ»ú¹¹Öйú¼¼ÊõÊг¡Ð»á¿Æ¼¼·þÎñÖÐÐÄͶÈë¾Þ×ʽ«¼ÛֵǧÍòÔªµÄ¿Æ¼¼³É¹û¡¢ÊµÓü
Íƹ㼼Êõ£¬Àû¹úÀûÃñ
http://www.dsxx.net/8156171/zh1966.htm
ÒªÖ¸»£¬Ñ§¼¼Êõ£¬ÕâÊÇ˶¼¶®µÃµÄµÀÀí¡£µ«Èç½ñµÄ¼¼ÊõÊг¡¼Û¸ñ°º¹ó£¬Ê¹ÈËÍû¶øÉúη¡£¶øÇÒ¼¼ÊõÊг¡ÓãÁú»ìÔÓ
£¬ÓÖ²»ÖªµÀÄܲ»ÄÜѧµ½ÕæÕýµÄ¼¼Êõ¡£
ÏÖÔÚºÃÁË£¬È¨Íþ»ú¹¹Öйú¼¼ÊõÊг¡Ð»á¿Æ¼¼·þÎñÖÐÐÄͶÈë¾Þ×ʽ«¼ÛֵǧÍòÔªµÄ¿Æ¼¼³É¹û¡¢ÊµÓü
