mmm, following the link makes me even less convinced that there is a
problem.

the working/tmp dir is used for rcs tmp files, and twiki session files,
both of which use randomised unique filenames.

as the Wikipedia page suggests that the problem is avoided by using
randomised filenames, we seem to be done?

Nico, if I were ignoring what you wrote, I would not be replying. I have
unfortunately found nothing so far to make me understand that there in
fact is a problem. Every extra detail you guys are giving me is
reinforcing this opinion.

As Holger points out, I am a part time packager (over debian, osx,
windows, rpm, and soon to be Solaris and maybe a few more), so I'm
looking to understand, not just to blindly agree to whatever you say.

Sven

On Tue, 2007-10-23 at 11:34 +0200, Holger Levsen wrote:
> Nico,
> 
> On Tuesday 23 October 2007 10:51, you wrote:
> > NO ONE SAID THERE IS ANY WEBCONTENT STORED IN THERE, CAN YOU
> > PLEASE JUST READ UP WHAT A SYMLINK ATTACK IS? THANKS!
> >
> > This is the last mail from my side as long as you ignore
> > what I wrote in previous mails.
> 
> I understand your frustration (that so many packages have the same security 
> problems over and over again), but there is no need to yell at someone.
> 
> As I see it, Sven is perfectly willing and able to fix issues in his code, it 
> just seems to me, that he doesn't understand symlink attacks, probably because 
> he never heard about them. The solution to make him understand this, is not 
> to yell at him and stop explaining, but rather continue explaining in a 
> friendly way.
> 
> Sven, please ignore Nico's tone and have a look at 
> http://en.wikipedia.org/wiki/Symlink_race :-)
> 
> 
> Thanks & regards & happy hacking,
>       Holger
-- 
Professional Wiki Innovation and Support
Sven Dowideit - http://DistributedINFORMATION.com
A WikiRing Partner http://wikiring.com
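
The symlink race this thread refers to, as an added example that is not part of the original mails or of TWiki's code: a plain open-for-write follows a link already sitting at the temp path, an exclusive create refuses it, and `tempfile.mkstemp` combines a random name with exclusive creation. The directory and file names (`working_tmp`, `session_1234`, `victim.txt`) are constructed for the demonstration.

```python
import os
import tempfile

def unsafe_write(path, data):
    # Vulnerable pattern: open() follows a symlink already present at `path`.
    with open(path, "w") as fh:
        fh.write(data)

def safe_write(path, data):
    # O_CREAT|O_EXCL fails with EEXIST if anything exists at `path`,
    # including a symlink; O_NOFOLLOW is added where the platform has it.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    with tempfile.TemporaryDirectory() as base:
        shared = os.path.join(base, "working_tmp")   # stands in for a shared tmp dir
        os.mkdir(shared)
        victim = os.path.join(base, "victim.txt")    # file outside the tmp dir
        unsafe_write(victim, "original")
        planted = os.path.join(shared, "session_1234")  # constructed predictable name
        os.symlink(victim, planted)                  # link already in place

        unsafe_write(planted, "clobbered")           # write goes through the link
        after_unsafe = read(victim)

        unsafe_write(victim, "original")             # reset for the second case
        try:
            safe_write(planted, "clobbered")
            refused = False
        except FileExistsError:
            refused = True                           # exclusive create rejects the link
        after_safe = read(victim)

        # mkstemp: random name plus O_EXCL, created with mode 0600.
        fd, name = tempfile.mkstemp(dir=shared, prefix="session_")
        os.close(fd)
        mode = os.stat(name).st_mode & 0o777
        return after_unsafe, refused, after_safe, mode

if __name__ == "__main__":
    print(demo())
```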



