Paul Eggert <[EMAIL PROTECTED]> wrote:
> My kneejerk reaction is that it's not worth making this change. The
> attack in question will work against almost any program that is
> operated in an insecure directory, including the "chmod" program
> itself. It'd be a real pain to work around this probl
My kneejerk reaction is that it's not worth making this change. The
attack in question will work against almost any program that is
operated in an insecure directory, including the "chmod" program
itself. It'd be a real pain to work around this problem in all
applications, one at a time, and it's
Joey Hess <[EMAIL PROTECTED]> wrote:
> Package: coreutils
> Version: 5.2.1-2
> Severity: important
> Tags: security
>
> Our coreutils seems to be vulnerable to the problem described in
> CAN-2005-1039.
>
> http://www.securityfocus.com/archive/1/395489
>
> A quick strace of "mkdir -m 400 foo" shows