[Simon Walter] Re: Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Ben Winslow winslowb at pa.net
Tue Dec 9 15:55:18 GMT 2008

On Tue, 9 Dec 2008 16:46:48 +0100
"Glenn Steen" <glenn.steen at gmail.com> wrote:

> Why not either remove any preexisting file (provided it is a symlink)
> or barf and die?

That's the fix employed in the trend-autoupdate script, although you
also have to create a temporary directory to work in (which the script
does) or there'll still be a race condition.

> Cheers

Ben Winslow <winslowb at pa.net>

More information about the MailScanner mailing list