> > I'm sorry, I'm not familiar with the code. > > I was just saying that using /tmp/ibnetdiscover.topology is clearly > > a security risk since /tmp is world-writeable. Isn't it? > > However, I think the risk is pretty low. The scripts only use this > information > to report other information about the subnet. The only damage would be if an > admin misinterpreted this information and did something bad to the net.
You're not being devious enough. Look up "symlink attack" to see one idea of something evil that an attacker could do. _______________________________________________ general mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
