On 14/10/2010 9:39 PM, David F. Skoll wrote:
<snip>
Dumping files into /tmp and giving an attacker substantial control over the filename is a recipe for trouble.
Thanks for the input David. The folder this stuff is going into is actually an SMB mounted folder on another machine. In practise (or rather production) I might well make this a subfolder of /mnt for safety's sake.
N/ _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
