[Pkg-javascript-devel] Bug#715325: Bug#715325: Bug#715325: Bug#715325: npm: leaves lots of stuff in /tmp
Jérémy Lal
kapouer at melix.org
Mon Jul 8 14:33:35 UTC 2013
On 08/07/2013 16:06, Dominique Dumont wrote:
> On Monday 08 July 2013 14:36:24 Jérémy Lal wrote:
>> I still do not understand if this is really a security issue.
>> IMO if a program on your system does that, the whole system is compromised,
>> you can't really be hardening any software against it.
>
> A symlink attack is done by a user of a system against another user on the
> same system. This is not a worry on your laptop, but may be an issue on a
> bigger server in a data center
Thank you for the explanation.
Somehow I understood it was important and forwarded the bug upstream.
Jérémy.
More information about the Pkg-javascript-devel
mailing list