Package: masqmail
Version: 0.2.20-1sarge1
Severity: critical
hi,
seems to me that the default config of online_file is pretty insecure:
/tmp/connect_route
given the way it's created by the ip-up script:
[ ROUTEFILE=/tmp/connect_route ]
...
if [ -n "$SCHEME" ] ; then
echo -n "$SCHEME" > "$ROUTEFILE"
chmod 0644 "$ROUTEFILE"
fi
...
I think adding
rm -f "$ROUTEFILE"
before 'echo ...' would be enough.
-- paolo
-- System Information
Debian Release: 3.0
Kernel Version: Linux npp 2.4.26-ss-fb-lm287 #1 Fri Jul 16 21:26:09 CEST 2004
i686 unknown
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]