>>>>> On Wed, 31 Mar 2010 10:18:25 +0200, Michael Tautschnig <m...@debian.org> 
>>>>> said:

    > Would you mind explaining how this could possibly be "exploited"? There is
A user could create a symlink pointing to a file (e.g. /etc/passwd)
which will then be overwritten when root calls fai softupdate.
Maybe this is not a security but more a DoS attack. But it's forbidden
to use fixed filenames in world-writable directories (you should use
mktemp there).
-- 
regards Thomas
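
The difference described in the reply above, as an added example that is not part of the original message or of fai's code: a fixed name in a shared directory follows a pre-existing symlink, while mktemp does not. The file name `softupdate.tmp`, the function names and the sandbox layout are hypothetical; everything runs inside a private directory that stands in for /tmp.

```shell
#!/bin/sh
# Added example: fixed temp filename vs. mktemp, inside a private sandbox.
# All paths and function names are constructed for illustration.

# Unsafe pattern: predictable name in a shared directory. The ">" redirect
# follows a symlink that another user created at that path beforehand.
write_fixed() {   # $1 = shared dir, $2 = data
    printf '%s\n' "$2" > "$1/softupdate.tmp"
}

# Safe pattern: mktemp picks an unpredictable name and creates the file
# exclusively (O_EXCL, mode 0600), so an existing symlink is never followed.
write_mktemp() {  # $1 = shared dir, $2 = data; prints the file it created
    tmp=$(mktemp "$1/softupdate.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Returns 0 if the victim file still holds its original content.
victim_intact() { # $1 = victim file
    [ "$(cat "$1")" = "original" ]
}

# Build a sandbox: "shared" stands in for /tmp, "victim" for the file
# that must not be overwritten.
demo_setup() {
    SANDBOX=$(mktemp -d) || return 1
    mkdir "$SANDBOX/shared"
    printf 'original\n' > "$SANDBOX/victim"
    # The symlink an unprivileged user could have created in advance.
    ln -s "$SANDBOX/victim" "$SANDBOX/shared/softupdate.tmp"
}

demo_cleanup() { rm -rf "$SANDBOX"; }

run_demo() {
    demo_setup || return 1
    write_mktemp "$SANDBOX/shared" "new data" >/dev/null
    victim_intact "$SANDBOX/victim" && echo "mktemp: victim intact"
    write_fixed "$SANDBOX/shared" "new data"
    victim_intact "$SANDBOX/victim" || echo "fixed name: victim overwritten"
    demo_cleanup
}
run_demo
```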


