Re: [PATCH] install-sh: avoid (low risk) race in /tmp

2018-03-11 Thread Mathieu Lirzin
Hello,

Sorry for the long delay.

Pavel Raiskup writes:

> Ensure that nobody can cross privilege boundaries by pre-creating
> symlink on '$tmpdir' path.
>
> Just testing 'mkdir -p' by creating '/tmp/ins$RANDOM-$$/d' is not
> safe because '/tmp' directory is usually

Re: [PATCH] install-sh: avoid (low risk) race in /tmp

2018-02-27 Thread Mathieu Lirzin
Hello Thomas,

Thomas Deutschmann writes:

> Pavel Raiskup submitted a patch to avoid a (low risk) race
> in /tmp in April 2015 [1] which still isn't merged.
>
> Was there a reason or was it just forgotten? Maybe we can
> add it now?

Yes it has just been forgotten, if the

Re: [PATCH] install-sh: avoid (low risk) race in /tmp

2018-02-27 Thread Thomas Deutschmann
Hi,

Pavel Raiskup submitted a patch to avoid a (low risk) race in /tmp in April 2015 [1] which still isn't merged.

Was there a reason or was it just forgotten? Maybe we can add it now?

It is currently present in Red Hat, Debian and Gentoo (haven't checked more distributions).

See also: