On Sun, Apr 15, 2007 at 03:21:13PM +0200, Goswin von Brederlow wrote: > aide uses a very predictable name in tmp (/tmp/empty/aide.db) with the > assumption that it will give an error because the file does not exist. > > A malicious user can easily create /tmp/empty and place a dummy db in > there and thus disrupt or even negate the effect of aide.
How can it disrupt the effect of aide? People are not supposed to directly call aide without giving a configuration file. > If you want to force people to configure your package before use then > please do use something reliably absent. What do you suggest using? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
