Hi Rene,
Rene Engelhard wrote:
I so far thought mktemp was safe enough? (of course, we get
senddoc.mutt.number, but...
mktemp is safe enough. I think Dmitry refers to lines 3 and 4 of that script:
echo $@ /tmp/log.obr.$$
echo $# /tmp/log.obr.$$
which I agree should not be there, probably
On 06:13 Mon 25 Aug , Rene Engelhard wrote:
RE Hi,
RE Dmitry E. Oboukhov wrote:
RE For example if a script uses in its work a temp file which is created
RE in /tmp directory, then every user can create symlink with the same
RE name in this directory in order to destroy or rewrite some
found 496361 1:2.4.1-6
notfound 496361 1:3.0.0~beta2-1
notfound 496361 2.0.4.dfsg.2-7etch5
tag 496361 + pending
thanks
Dmitry E. Oboukhov wrote:
#!/bin/sh
URI_ENCODE=`dirname $0`/uri-encode
echo $@ /tmp/log.obr.$$
echo $# /tmp/log.obr.$$
[...]
Oops, I didn't see it
Hi,
Thijs Kinkhorst wrote:
Rene Engelhard wrote:
I so far thought mktemp was safe enough? (of course, we get
senddoc.mutt.number, but...
mktemp is safe enough. I think Dmitry refers to lines 3 and 4 of that script:
echo $@ /tmp/log.obr.$$
echo $# /tmp/log.obr.$$
which I agree
Hi,
Dmitry E. Oboukhov wrote:
For example if a script uses in its work a temp file which is created
in /tmp directory, then every user can create symlink with the same
name in this directory in order to destroy or rewrite some system
or user file. Symlink attack may also lead not
Hi again,
Rene Engelhard wrote:
I so far thought mktemp was safe enough? (of course, we get
senddoc.mutt.number, but...
Sorry, missed the final sentence: What do you propose instead?
Regards,
Rene
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble?
Package: openoffice.org-common
Severity: grave
Hi, maintainer!
This message about the error concerns a few packages at once. I've
tested all the packages (for Lenny) on my Debian mirror. All scripts
of packages (marked as executable) were tested.
In some packages I've discovered scripts
7 matches
Mail list logo