Bug#496361: The possibility of attack with the help of symlinks in some Debian packages

2008-08-25 Thread Rene Engelhard
Hi,
Thijs Kinkhorst wrote:
> Rene Engelhard wrote:
> > I so far thought mktemp was safe enough? (of course, we get
> > senddoc.mutt., but...
>
> mktemp is safe enough. I think Dmitry refers to lines 3 and 4 of that script:
>
> echo "$@" > /tmp/log.obr.$$
> echo "$#" >> /tmp/log.obr.$$
>
> which

Bug#496361: The possibility of attack with the help of symlinks in some Debian packages

2008-08-25 Thread Rene Engelhard
found 496361 1:2.4.1-6
notfound 496361 1:3.0.0~beta2-1
notfound 496361 2.0.4.dfsg.2-7etch5
tag 496361 + pending
thanks
Dmitry E. Oboukhov wrote:
> #!/bin/sh
> URI_ENCODE="`dirname $0`/uri-encode"
>
> echo "$@" > /tmp/log.obr.$$
> echo "$#" >> /tmp/log.obr.$$
[...]
Oops, I did

Bug#496361: The possibility of attack with the help of symlinks in some Debian packages

2008-08-25 Thread Dmitry E. Oboukhov
On 06:13 Mon 25 Aug , Rene Engelhard wrote:
RE> Hi,
RE> Dmitry E. Oboukhov wrote:
RE>> For example if a script uses in its work a temp file which is created
RE>> in /tmp directory, then every user can create symlink with the same
RE>> name in this directory in order to destroy or rewrit

Bug#496361: The possibility of attack with the help of symlinks in some Debian packages

2008-08-25 Thread Thijs Kinkhorst
Hi Rene,
Rene Engelhard wrote:
> I so far thought mktemp was safe enough? (of course, we get
> senddoc.mutt., but...
mktemp is safe enough. I think Dmitry refers to lines 3 and 4 of that script:
echo "$@" > /tmp/log.obr.$$
echo "$#" >> /tmp/log.obr.$$
which I agree should not be there, probably

Bug#496361: The possibility of attack with the help of symlinks in some Debian packages

2008-08-24 Thread Rene Engelhard
Hi again,
Rene Engelhard wrote:
> I so far thought mktemp was safe enough? (of course, we get
> senddoc.mutt., but...
Sorry, missed the final sentence: What do you propose instead?
Regards, Rene

Bug#496361: The possibility of attack with the help of symlinks in some Debian packages

2008-08-24 Thread Rene Engelhard
Hi,
Dmitry E. Oboukhov wrote:
> For example if a script uses in its work a temp file which is created
> in /tmp directory, then every user can create symlink with the same
> name in this directory in order to destroy or rewrite some system
> or user file. Symlink attack may also lead n

Bug#496361: The possibility of attack with the help of symlinks in some Debian packages

2008-08-24 Thread Dmitry E. Oboukhov
Package: openoffice.org-common
Severity: grave
Hi, maintainer!
This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts wi