On Fri, Feb 06, 2015 at 02:16:06AM -0700, Reyk Floeter wrote: > The write_file() privsep interface was too permissive and > theoretically allowed the unprivileged child process to write to > arbitrary files. Restrict it by replacing it with two specific > write_resolv_conf() and write_option_db() privsep interfaces where all > the critical decision has been moved to the parent. > > OK krw@ >
I forgot to mention: the problem was found by and discussed with Matthew Dempsky (matthew@). Reyk
