Hi,
I wouldn't call this a new class of vulnerabilities, it's just one
of the symptons of a lack of secure programming in a concurrent
environment. Unix-like systems are full of it; I guess there's probably
a couple of hundreds of programs in Debian that make use of access(2)
for permission checks etc.
I think the severity is only minor, because the timespan for a possible
exploit is so minimal, that an attacker would need some fam-like
mechanism to monitor the file and still the gain would be small.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
