I just read a Debian advisory about CAN-2005-0077, claiming "Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a tmporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library."
I haven't seen this discussed on this list yet. Will this be fixed in
DBI 1.47, and if so, when can we expect that release?
hp
--
_ | Peter J. Holzer | If the code is old but the problem is new
|_|_) | Sysadmin WSR / LUGA | then the code probably isn't the problem.
| | | [EMAIL PROTECTED] |
__/ | http://www.hjp.at/ | -- Tim Bunce on dbi-users, 2004-11-05
pgpIXJPlHyn8p.pgp
Description: PGP signature
