From: Larry McVoy <lm@bitmover.com>
Date: Tue, 19 Mar 2002 15:44:36 -0800
Hey Dave, are you suggesting that no such exploits exist in Red Hat's
rpm system? In order for that to be true, rpm would have to be making
sure that each and every directory along any path that it writes is
not writable except by priviledged users. I just checked, it doesn't.
We should be using mktemp() to make temporary files, and if we don't
that is a bug and I'd ask you to please submit a bugzilla entry about
it if so because that would be a serious hole.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Mar 23 2002 - 22:00:20 EST