[Simon Walter] Re: Bug#506353: mailscanner: many scripts allow
local users to overwrite arbitrary files, and more,
via symlink attacks
Ben Winslow
winslowb at pa.net
Tue Dec 9 15:55:18 GMT 2008
On Tue, 9 Dec 2008 16:46:48 +0100
"Glenn Steen" <glenn.steen at gmail.com> wrote:
> Why not either remove any preexisting file (provided it is a symlink)
> or barf and die?
That's the fix employed in the trend-autoupdate script, although you
also have to create a temporary directory to work in (which the script
does) or there'll still be a race condition.
> Cheers
--
Ben Winslow <winslowb at pa.net>
More information about the MailScanner
mailing list