tag 454092 fixed-upstream
thanks

* Joey Hess [Sun, 02 Dec 2007 18:52:48 -0500]:

> Package: pm-utils
> Version: 0.99.2-3
> Severity: normal
> Tags: security
>
> [EMAIL PROTECTED]:/tmp>touch hi-mom
> [EMAIL PROTECTED]:/tmp>sudo bash -x pm-suspend
> [EMAIL PROTECTED]:/tmp>grep mom /var/log/pm-suspend.log
> +++ echo Makefile gconfd-joey gconfd-root gpg-GEXzAV hi-mom mprev
> mpstore orbit-joey orbit-root ssh-NIfQf15742
> Makefile gconfd-joey gconfd-root gpg-GEXzAV hi-mom mprev mpstore
> orbit-joey orbit-root ssh-NIfQf15742
> ++ '[' -e /etc/pm/sleep.d/hi-mom ']'
> ++ '[' -x /usr/lib/pm-utils/sleep.d/hi-mom ']'
>
> I don't know if this is exploitable, but it's certainly Not Good.

This has been fixed upstream, by not basenaming (see Lubomir's analysis)
something that does not exist.

  http://gitweb.freedesktop.org/?p=pm-utils.git;a=commitdiff;h=dc6944d6dbce95db990b136ea446d6067f8d60a4

-- 
Adeodato Simó                                     dato at net.com.org.es
Debian Developer                                  adeodato at debian.org

Faced with the choice between changing one's mind and proving that there is
no need to do so, almost everyone gets busy with the proof.
                -- J.K. Galbraith
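Added example, not part of the original message and not pm-utils code: a minimal shell reproduction of the behaviour the trace is consistent with, next to a hardened loop that skips paths that do not exist. The function names and the temporary directory layout are hypothetical, and it is an assumption that the hook directory was empty when the quoted trace was taken.

```sh
#!/bin/sh
# Constructed reproduction. hook_names_unsafe is an assumed reconstruction of
# the pattern the trace suggests, not the pm-utils source.

# Flawed: list hook base names found in directory $1.
hook_names_unsafe() {
    for path in "$1"/*; do
        # With an empty directory the glob stays literal ("$1/*"),
        # so basename returns "*".
        base=$(basename "$path")
        # Unquoted expansion: "*" is now globbed against the current directory.
        echo $base
    done
}

# Hardened: never basename a path that does not exist, and quote expansions.
hook_names_safe() {
    for path in "$1"/*; do
        [ -e "$path" ] || continue
        printf '%s\n' "$(basename "$path")"
    done
}

# Run both loops from a working directory that contains an unrelated file.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/hooks" "$work/cwd"   # hooks/ stays empty
    touch "$work/cwd/hi-mom"          # constructed file, name from the report
    unsafe=$(cd "$work/cwd" && hook_names_unsafe "$work/hooks")
    safe=$(cd "$work/cwd" && hook_names_safe "$work/hooks")
    rm -rf "$work"
    printf 'unsafe=[%s] safe=[%s]\n' "$unsafe" "$safe"
}

demo
```

The flawed loop reports a file from the caller's working directory as if it were a hook name, which is what the `'[' -e /etc/pm/sleep.d/hi-mom ']'` lines in the quoted log show.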

