There are parts of conky that are linux-only but that are the parts that do things like examine hardware, the rest should work on everything POSIX-compatible. There is idd still a period between file_exists() and fopen() but the only thing that happens in that time is a stat(). I am by no means a security expert so i could be wrong, but i don't see how a attacker could make that stat() hang long enough to create a symlink
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/607309 Title: vulnerability: rewrite arbitrary user file -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
