reopen 291680
stop

/sbin/firehol has:

--- copy 'n paste ---
#set out umask so that nobody could exploit the tempdir
umask 077
test -d "${FIREHOL_DIR}" && echo "Tempdir already exists. Please remove
it before proceeding" && exit 1
${MKDIR_CMD} -p "${FIREHOL_DIR}"
test $? -gt 0 && exit 1
--- end copy 'n paste ---

which still leaves a window of opportunity between the test and the
creation of the directory for an attacker to sneak in their directory
and symlink.

See upstream's CVS revision 1.226 for a fix:

http://cvs.sourceforge.net/viewcvs.py/firehol/firehol/firehol.sh?r1=1.225&r2=1.226
-- 
Sam "Eddie" Couter  |  mailto:[EMAIL PROTECTED]
Debian Developer    |  mailto:[EMAIL PROTECTED]
                    |  jabber:[EMAIL PROTECTED]
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
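
As an added illustration of the race described in this message (not firehol's code and not the upstream 1.226 change), the sketch below replays the check-then-`mkdir -p` sequence with a simulated interleaving and compares it with a single `mkdir` that fails if the name is already taken. The `between` hook, `precreate` and the scratch paths are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo; everything happens inside a private scratch directory.

# Pattern quoted in the report: existence check, then a separate mkdir -p.
# $2 (hypothetical hook, demo only) names a command run between the two
# steps to stand in for another process winning the race.
create_checked() {
    dir=$1; between=$2
    if test -d "$dir"; then return 1; fi
    if [ -n "$between" ]; then "$between" "$dir"; fi
    mkdir -p "$dir"    # -p reports success even though the path now exists
}

# Single-step alternative: mkdir without -p fails if anything (directory,
# file or symlink) already has the name, so check and create are one call.
create_atomic() {
    dir=$1; between=$2
    if [ -n "$between" ]; then "$between" "$dir"; fi
    ( umask 077 && mkdir "$dir" ) 2>/dev/null
}

# Stand-in for the other process: creates the path world-writable first.
precreate() { ( umask 000 && mkdir -p "$1" ); }

run_demo() {
    scratch=$(mktemp -d) || return 2
    ( umask 077; create_checked "$scratch/a" precreate ) \
        && checked=created || checked=refused
    # The caller's umask 077 never applied: the directory came from elsewhere.
    if [ -n "$(find "$scratch/a" -prune -perm -002)" ]; then
        loose=yes
    else
        loose=no
    fi
    create_atomic "$scratch/b" precreate && atomic=created || atomic=refused
    create_atomic "$scratch/c" "" && clean=created || clean=refused
    rm -rf "$scratch"
    echo "checked=$checked loose=$loose atomic=$atomic clean=$clean"
}

run_demo
```

The checked variant reports success while ending up in a world-writable directory it did not create; the single `mkdir` refuses in the same interleaving and still succeeds when the name is free.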
