bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtoba


From: Chet Ramey
Subject: Re: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack)
Date: Mon, 05 Jan 2009 10:46:22 -0500
User-agent: Thunderbird 2.0.0.19 (Macintosh/20081209)

Roman Rakus wrote:
> Roman Rakus wrote:
>> References:
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5374
>> http://lists.debian.org/debian-devel/2008/08/msg00347.html
>> http://uvw.ru/report.sid.txt
>>
>>
>>
>> Attaching patch. Changed to use mktemp.
>> RR
> Attached a bit improved patch.
> What do you think about it Chet?

I have not had a chance to look at these yet.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer

Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]