Bug#287601: vdradmin: Vdradmin.pl script vulnerable to symlink
Javier Fernández-Sanguino Peña
Wed, 29 Dec 2004 12:40:04 +0100
Content-Type: text/plain; charset=us-ascii
On Wed, Dec 29, 2004 at 12:22:50PM +0100, Thomas Schmidt wrote:
> > I still need to check it further and do some tests before I open up the
> > bug...
> Thank you very much for your help, it would be very nice, if you could
> write some patches to resolve this problem, because it is the first
> time that i am confronted with such a problem, and i do not really know
> how to make these functions secure.
Well, google is your friend but I'll give you some pointers, if you try to=
search for "symlink attack temporary race condition" you will get _lots_ of=
bug reports and advisories related to this security issue.
For starters, the following documentation might be useful:
(a must read)
(covers shell scripts only)
(this is somewhat Tru64 specific, but quite good)
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----