On Wed, 2011-07-13 at 18:48 +0200, Francois Tigeot wrote:
> On Wed, Jul 13, 2011 at 09:16:33AM -0600, Tor Lillqvist wrote: > Do we
> really want to have those access() checks there? > > I am not evil
> enough to think of a way to abuse that code (insert maniacal
> laughter), but in general, isn'
> Would that be more acceptable ?
Well, I am not saying they are unacceptable.
I just wanted a bit of discussion with perhaps somebody actually clueful about
security issues giving their opinion;)
Quite possibly the checks make good sense, and are not a risk as nobody is
going to run LibreOff
On Wed, Jul 13, 2011 at 09:16:33AM -0600, Tor Lillqvist wrote:
> Do we really want to have those access() checks there?
>
> I am not evil enough to think of a way to abuse that code (insert maniacal
> laughter), but in general, isn't that exactly the kind of coding that could
> be a security vul
On Wed, Jul 13, 2011 at 09:16:33AM -0600, Tor Lillqvist wrote:
> Do we really want to have those access() checks there?
>
> I am not evil enough to think of a way to abuse that code (insert maniacal
> laughter), but in general, isn't that exactly the kind of coding that could
> be a security vul
Do we really want to have those access() checks there?
I am not evil enough to think of a way to abuse that code (insert maniacal
laughter), but in general, isn't that exactly the kind of coding that could be
a security vulnerability? (TOCTTOU seems to be the technical term,
http://en.wikipedia
