On 9/9/22 2:36 AM, Vincent Bernat wrote:
The attacker is still limited to the target directory. The attacker can send files that were excluded or not requested, but they still end up in the target directory. RPKI validators download stuff in a dedicated download directory
Ah, okay, thanks, its a shame that wasn't included in any of the disclosure posts I managed to find :(
(but it may be shared with several peers)
I assume I'm mis-reading this - RPKI servers aren't able to overwrite output from other RPKI servers, so it shouldn't be shared, no?
Thanks, Matt
