> That's not a fix, that's creating a latent security problem with clobbering > a file name that's known in advance so you can plant things under that name > and have it overwrite a different file that you normally wouldn't be able to > access.
I'm not following what you are trying to describe. If a bad guy can set things up so the write to a file does something nasty, can't they just do the nasty stuff directly? Changing the mode would work. But then we have to decide what mode to use. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
