fredag den 3 december 2010 klockan 15:39 skrev Jakub Wilk detta: > * Mats Erik Andersson <[email protected]>, 2010-12-03, 14:54: >> In the particular case at hand, I am dealing with the removal of >> a temporary file, used with mktemp at creation time, so one small >> breach would be that a malicious intruded managed to find the file >> name, and to delete said file, before the purge action came to its >> conclusion. > > The intruder would need root privileges to remove the file, wouldn't he?
Whatever privileges the executor if the postinst is using. In practice that would be root access. Thus a "theoretical" possibility as long as the intruder does not find more important sabotage to attend to. Your original objection stays impeccable. Mats E A -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
