[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security vulnerability in automake

From: Lawrence Teo
Subject: Re: Security vulnerability in automake
Date: Fri, 07 Jun 2002 21:03:33 -0400

> Likewise, having a "hardened" config.guess file would not necessarily
> prevent symlink attacks, but it'll definitely make it much harder for an
> attacker to exploit it, even if the admin is sloppy.

An attacker is hardly likely to distribute a "hardened" config.guess

Of course the attacker won't distribute a hardened config.guess. But look at my attack example shown in my reply to Allan's mail:

That attack does *not* require an attacker to distribute a hardened config.guess, or change the original source code of the package in any way.


Chat with friends online, try MSN Messenger:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]