>>>>> On Wed, 31 Mar 2010 10:18:25 +0200, Michael Tautschnig <[email protected]>
>>>>> said:
> Would you mind explaining how this could possibly be "exploited"? There is
A user could create a symlink pointing to a file (e.g. /etc/passwd)
which will then be overwritten when root calls fai softupdate.
Maybe this is not a security but more a DoS attack. But it's forbidden
to use fixed filenames in world writeable directories (you should use
mktemp there).
--
regards Thomas
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]