[Simon Walter] Re: Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks
Matt
spamlists at coders.co.uk
Tue Dec 9 14:51:44 GMT 2008
Julian Field wrote:
> Well if you can even give me a definitive statement of precisely what
> the underlying theoretical problem is, and how to avoid it, that would
> help. I don't want to write a load of code and then discover I've
> misunderstood the underlying problem and not actually fixed anything.
http://lists.debian.org/debian-devel/2008/08/msg00285.html

The above is the message that starts it all. Basically, because the auto
updaters create temporary files in /tmp, it is theoretically possible for
a user to create a symlink to another file and compromise the system.
matt
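
The problem described in this message, and the usual way to avoid it, as an added example that is not part of the original post or of MailScanner's code. The file name update.tmp, the function names and the sandbox directory standing in for /tmp are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo: everything happens inside a private sandbox directory,
# which stands in for the shared /tmp the message talks about.

# Weak pattern: a fixed, predictable name in a shared directory.
# If another user has already placed a symlink at that name, the
# redirection follows it and truncates whatever it points to.
unsafe_write() {    # $1 = shared dir, $2 = data
    printf '%s\n' "$2" > "$1/update.tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the
# file exclusively (it fails rather than reuse an existing name or
# follow a symlink), with mode 0600.
safe_write() {      # $1 = shared dir, $2 = data; prints the path it created
    f=$(mktemp "$1/update.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

# Runs one of the two writers against a directory where a symlink named
# update.tmp already points at a "victim" file, then prints the victim's
# contents so the effect can be compared.
demo() {            # $1 = unsafe | safe
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/victim"
    mkdir "$sandbox/tmp"
    ln -s "$sandbox/victim" "$sandbox/tmp/update.tmp"
    case $1 in
        unsafe) unsafe_write "$sandbox/tmp" "new rules" ;;
        safe)   safe_write   "$sandbox/tmp" "new rules" > /dev/null ;;
    esac
    cat "$sandbox/victim"
    rm -rf "$sandbox"
}

demo unsafe   # victim file was overwritten through the symlink
demo safe     # victim file is untouched
```

A script that needs several scratch files can create one private directory with `mktemp -d` and keep all of them inside it, so no file name in the shared directory is ever predictable.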