Steve Langasek <[EMAIL PROTECTED]> writes:

> The example *is* wrong - the example given is never safe to run, because
> the only way to verify beforehand that /tmp/zenity is not a symlink to
> something more important is by first explicitly *creating* your file
> under /tmp (non-destructively), then check that it's not a symlink, and
> *then* run pilot-qof.

I dunno, I'd feel quite comfortable running that command on my personal
laptop, which has no other users and no remote login access.  /tmp file
vulnerabilities are only vulnerabilities on multiuser systems.  We don't
know for *packages* whether they'll be installed on multiuser systems, so
of course we have to fix them regardless, but in examples I think it's
often reasonable to be sloppier.

-- 
Russ Allbery ([EMAIL PROTECTED])             <http://www.eyrie.org/~eagle/>
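
The create-first, then-check order described in the quoted message, as an added shell example that is not part of the thread. The function names are hypothetical, the paths are constructed, and a scratch directory stands in for a shared /tmp.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are constructed.

# create_exclusive PATH: create PATH only if the name is unused. Under
# noclobber (set -C) the shell refuses an existing regular file and opens
# a new one with O_CREAT|O_EXCL, which also rejects a dangling symlink.
create_exclusive() {
    ( umask 077; set -C; : > "$1" ) 2>/dev/null
}

# is_plain_file PATH: true for a regular file that is not a symlink.
is_plain_file() {
    [ -f "$1" ] && [ ! -L "$1" ]
}

# private_workdir: mode-0700 directory with an unpredictable name; fixed
# names created inside it cannot have been planted by another user.
private_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/tmpdemo.XXXXXX"
}

# demo: a scratch directory stands in for a shared /tmp.
# Prints one result line per case.
demo() {
    shared=$(private_workdir) || return 1
    echo "important data" > "$shared/important"
    ln -s "$shared/important" "$shared/zenity"    # name already taken by a symlink
    ln -s "$shared/nowhere" "$shared/dangling"    # symlink to a missing target

    create_exclusive "$shared/zenity"   && echo "zenity: created"   || echo "zenity: refused"
    create_exclusive "$shared/dangling" && echo "dangling: created" || echo "dangling: refused"
    create_exclusive "$shared/fresh"    && echo "fresh: created"    || echo "fresh: refused"
    is_plain_file "$shared/fresh"       && echo "fresh: plain file"
    echo "important still reads: $(cat "$shared/important")"
    rm -rf "$shared"
}

demo
```

Noclobber only guards regular files and unused names; a symlink to a device or FIFO is still opened, which is one more reason to work inside the private directory rather than under a fixed name in /tmp.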