I just read a Debian advisory about CAN-2005-0077, claiming "Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library."
I haven't seen this discussed on this list yet. Will this be fixed in DBI 1.47, and if so, when can we expect that release?

        hp

-- 
   _  | Peter J. Holzer     | If the code is old but the problem is new
|_|_) | Sysadmin WSR / LUGA | then the code probably isn't the problem.
| |   | [EMAIL PROTECTED]   |
__/   | http://www.hjp.at/  |    -- Tim Bunce on dbi-users, 2004-11-05
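The quoted advisory names the bug class (a PID file created insecurely in a shared temporary location) without showing code. As an added illustration, not DBI's code and not part of the original message, this Perl sketch contrasts a plain open-for-write with exclusive creation when a link already sits at the PID path. All paths and function names are hypothetical and the scenario is constructed inside a private scratch directory.

```perl
#!/usr/bin/perl
# Added example (not DBI code): creating a PID file so that a pre-existing
# symlink at the chosen path is refused instead of followed.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Hardened creation: with O_CREAT|O_EXCL the call fails if the name already
# exists, whether it is a regular file or a symlink, so nothing is written
# through a link somebody else placed there.
sub write_pidfile_safely {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or return "refused: $!";
    print {$fh} "$$\n";
    close($fh) or return "close failed: $!";
    return "created";
}

# The insecure pattern: open-for-write on a predictable name follows
# symlinks and truncates whatever they point at.
sub write_pidfile_naively {
    my ($path) = @_;
    open(my $fh, '>', $path) or return "failed: $!";
    print {$fh} "$$\n";
    close($fh);
    return "written";
}

# Constructed scenario in a private scratch directory.
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/important.conf";   # hypothetical file owned by the user
my $pid    = "$dir/daemon.pid";       # hypothetical predictable PID path

open(my $v, '>', $victim) or die "create: $!";
print {$v} "original contents\n";
close($v);
symlink($victim, $pid) or die "symlink: $!";

print "safe:  ", write_pidfile_safely($pid), "\n";
print "victim size after safe attempt: ", -s $victim, " bytes\n";
print "naive: ", write_pidfile_naively($pid), "\n";
open($v, '<', $victim) or die "read: $!";
print "victim now contains: ", scalar(<$v>);
close($v);
```

A fixed path still lets another local user block start-up by creating the name first, so PID files are better kept in a directory only the service account can write to.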