Dan Langille wrote: > "The possibility of attack with the help of symlinks in some Debian > packages" > > I heard about the first URL, which leads to the other two: > > > http://web.nvd.nist.gov/view/vuln/detail?execution=e4s1 > http://lists.debian.org/debian-devel/2008/08/msg00347.html > http://uvw.ru/report.sid.txt > > Short version: It's a packaging problem, not a Bacula problem but I > have not confirmed this.
According to the report at http://uvw.ru/report.sid.txt the problem is insecure use of /tmp on lines 105 to 109 of examples/autochangers/mtx-changer.Adic-Scalar-24 - looks like a bacula problem and not packaging. Easy fix - just use mktemp. R. PeteM ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ Bacula-devel mailing list Bacula-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-devel
