Package: masqmail
Version: 0.2.20-1sarge1
Severity: critical

hi,

seems to me that the default config of online_file is pretty insecure:

/tmp/connect_route

given the way it's created by the ip-up script:

[ ROUTEFILE=/tmp/connect_route ]
...
  if [ -n "$SCHEME" ] ; then
    echo -n "$SCHEME" > "$ROUTEFILE"
    chmod 0644 "$ROUTEFILE"
  fi
...

I think adding 

rm -f "$ROUTEFILE"

before 'echo ...' would be enough.

-- paolo

-- System Information
Debian Release: 3.0
Kernel Version: Linux npp 2.4.26-ss-fb-lm287 #1 Fri Jul 16 21:26:09 CEST 2004 
i686 unknown


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to