On 2 February 2012 13:40, Matthijs Mekking <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Using mkstemp will not solve this attack, since you can do the same > trick for /the/zone-name (without .tmp), or any other file location
If the target filename of the rename is a symlink, the symlink will be overwritten. But anyway, that spot caught my attention and prompted me to think aloud, that's all :) cheers, _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
