On Tue, 2009-03-24 at 14:50 -0700, Kees Cook wrote: > There is a bug in the Ubuntu bug tracker about xfs's init script being used > in an unsafe fashion. It seems that OpenSUSE has solved this as well: > > "set_up_socket_dir moves /tmp/.font-unix to /tmp/.font-unix.$$. > Unfortunately $$ is predictable and there is no test, that > /tmp/.font-unix.$$ does not already exist. So especially symlink attacks > are possible. The attack is only possible, if /tmp/.font-unix does not > already exist. Then an attacker could create an /tmp/.font-unix file (not > directory) and create some symlinks in the form /tmp/.font-unix.XXXX (where > XXXX are possible PID numbers). The start script than moves /tmp/.font-unix > to an symlinked directory /tmp/.font-unix.XXXX."
Do we want to keep shipping xfs in squeeze? What are its use cases these days? Cheers, Julien -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
