Package: chillispot
Version: 1.0-9
Severity: grave
Tags: security

From postinst:
8<------------------------------------------>8
# config file
CONFIGFILE=/etc/chilli.conf
# upstream config file
TEMPCONFIG=/tmp/chilli.conf
...
# unpack upstream config
zcat /usr/share/doc/chillispot/chilli.conf.gz > $TEMPCONFIG
...
  echo "NOTE:"
  echo "You have choosed to edit configuration by hand.";
  echo "A default configuration will be available on '/etc/chilli.conf'";
  if [ ! -e $CONFIGFILE ]; then
    mv $TEMPCONFIG $CONFIGFILE
  else
    ucf $TEMPCONFIG $CONFIGFILE
  fi
else
...
    -e "s/^(#)?uamhomepage.*/uamhomepage\ $uam_homepage/" \
    -e "s/^(#)?uamsecret.*/uamsecret\ $uam_secret/" \
    < $TEMPCONFIG > $tempfile
  if [ ! -e $CONFIGFILE ]; then
    mv $tempfile $CONFIGFILE
  else
    ucf $tempfile $CONFIGFILE
  fi
8<------------------------------------------>8
Putting a symlink in place can help nuke another file's content, or even
modify the program's config file to the attacker's will.
Cheers,
--
Atomo64 - Raphael
Please avoid sending me Word, PowerPoint or Excel attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
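
The issue reported above, as an added example that is not part of the original report or the chillispot package: a constructed sandbox with a symlink already sitting at the predictable name, comparing the postinst's redirect pattern with a `mktemp`-created file. The function names, the sandbox layout and the sample strings are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: constructed sandbox, not the chillispot postinst itself.
# Shows why writing to a fixed name in a shared directory is unsafe and
# how mktemp(1) avoids it.

# Unsafe pattern from the report: redirect into a predictable path.
# "$1" stands in for /tmp, "$2" is the data to write.
write_predictable() {
    printf '%s\n' "$2" > "$1/chilli.conf"
}

# Hardened pattern: mktemp creates a new file with an unpredictable name
# (exclusive create, mode 0600), so an existing symlink is never followed.
write_with_mktemp() {
    tmp=$(mktemp "$1/chilli.conf.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Build a sandbox where a symlink already exists at the predictable name,
# run one of the two writers, and report what happened to the link target.
# Prints "clobbered" or "intact".
demo() {
    mode=$1
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp"
    printf 'important data\n' > "$sandbox/victim"      # constructed sample
    ln -s "$sandbox/victim" "$sandbox/tmp/chilli.conf"
    case $mode in
        predictable) write_predictable "$sandbox/tmp" "uamsecret example" ;;
        mktemp)      write_with_mktemp "$sandbox/tmp" "uamsecret example" >/dev/null ;;
    esac
    if [ "$(cat "$sandbox/victim")" = "important data" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$sandbox"
    printf '%s\n' "$result"
}

demo predictable
demo mktemp
```

On Linux, `fs.protected_symlinks=1` blocks some symlink following in sticky world-writable directories, but a maintainer script should not depend on that setting.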

