Ludo', Thanks for your report :-p
The 1777 is obviously very bad, no question. However: question:

Ludovic Courtès wrote:
> I don’t see how to let the daemon create ‘per-user/$USER’ on behalf of the client for clients connecting over TCP. Or we’d need to add a challenge mechanism or authentication.
I need more cluebat please: say I'm an attacker and connect to your daemon (over TCP, why not), asking it to create an empty ‘per-user/ludo’.
Assuming the daemon creates it with sane permissions (say 0755) & without any race conditions, what's my evil plan now?
Kind regards, T G-R
