Re: gpilotd & corba

From: Eskil Heyn Olsen <deity trinity dbc bib dk>
To: gnome-pilot-list gnome org
Subject: Re: gpilotd & corba
Date: Thu, 17 Sep 1998 19:42:40 +0200 (MET DST)

On Wed, 16 Sep 1998, Michael Fulbright wrote:

> > 4) Currently, I'll store all requests as files /var/spool/gpilotd/
> > $USER/, and let the name/contents indicate what to do, and the forked
> If this directory has a predictable name, cant some nasty person take
> advantage of this (like all the /tmp exploits recently discussed)?

Well, if the gpilotd writes the requests to /var/spool/gpilotd/drmike,
which has mod drwx------, and gpilotd upon sync, forks and setuids to you,
I think it will be quite secure, but then again, I'm no master cracker.

> At a minimum I guess you just take a look at the existing path and make
> sure its really setup like you want before you use it.

What do you mean ?

eskil
---

Follow-Ups:
- Re: gpilotd & corba
  - From: Michael Fulbright

References:
- Re: gpilotd & corba
  - From: Michael Fulbright

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]