On Wed January 30 2008, Stefan Seyfried wrote: > If somebody managed to get a symlink where the logfile should be, you are > fscked. So i think this is less secure.
And what if somebody gets /usr/lib/pm-utils/bin/pm-action to be an arbitrary binary? Then you are fscked, too. I do not see the point, how changing the logfile is easier than changing any other component of pm-utils. Regards, Till
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Pm-utils mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/pm-utils
