On Thu, 26 Apr 2007 19:47:04 -0700 Roland Dreier <[EMAIL PROTECTED]> wrote:
> > > I'm sorry, I'm not familiar with the code. > > > I was just saying that using /tmp/ibnetdiscover.topology is clearly > > > a security risk since /tmp is world-writeable. Isn't it? > > > > However, I think the risk is pretty low. The scripts only use this > information > > to report other information about the subnet. The only damage would be if > an > > admin misinterpreted this information and did something bad to the net. > > You're not being devious enough. Look up "symlink attack" to see one > idea of something evil that an attacker could do. 0:-) I sit corrected. Ira _______________________________________________ general mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
