>>>>> On Wed, 31 Mar 2010 10:18:25 +0200, Michael Tautschnig <[email protected]> 
>>>>> said:

    > Would you mind explaining how this could possibly be "exploited"? There is
A user could create a symlink pointing to a file (e.g. /etc/passwd)
which will then be overwritten when root calls fai softupdate.
Maybe this is not a security but more a DoS attack. But it's forbidden
to use fixed filenames in world writeable directories (you should use
mktemp there).
-- 
regards Thomas



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to