[Pkg-lustre-maintainers] Bug#496371: Bug#496371: The possibility of attack with the help of symlinks in some Debian packages

Hello Dmitry, Thanks for your test, but atm I've some problems to fix this issue for lustre- tests > In some packages I've discovered scripts with errors which may be used > by a user for damaging important system files or user's files. > > For example if a script uses in its work a temp file which

[Pkg-lustre-maintainers] Bug#496371: Bug#496371: The possibility of attack with the help of symlinks in some Debian packages

This one time, at band camp, Patrick Winnertz said: > I guess the part which is critical is this one: tmpfile=$(mktemp /tmp/iozone.XX) > ---snip-- > while date; do > LOOP=`expr $LOOP + 1` > echo "Test #$LOOP" > iozone $VERIFY $ODIR -r $REC -i 0 -i

[Pkg-lustre-maintainers] Bug#496371: Bug#496371: The possibility of attack with the help of symlinks in some Debian packages

SG> tmpfile=$(mktemp /tmp/iozone.XX) use 'mktemp -t iozone.XX' instead 'mktemp /tmp/iozone.XX' -- ... mpd paused: Manowar - Gloves of Metal . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB

[Pkg-lustre-maintainers] Bug#496371: Bug#496371: The possibility of attack with the help of symlinks in some Debian packages

This one time, at band camp, Patrick Winnertz said: > Thanks Stephen, > > > tmpfile=$(mktemp /tmp/iozone.XX) > I know that this way it is possible. But as the user should find the log > afterwards I would prefer to use /tmp/iozone.log or something else, nothing > random. > But as I wrot