Symlink attack in file.c?


Something I came across a couple of times this week, just now in
relation to an RFE regarding file permissions on copying fat files in
RHs bugzilla

A commit by "pavel" (Machek?) who added the remark
"FIXME: You have security hole here, btw. Imagine copying to /tmp and
symlink attack :-("

Is there anybody that can explain to me what he's concerned about and if
that is still an issue? If so this is a rather long standing hole... If
not, let's get rid of that warning.


mount -t life -o ro /dev/dna /genetic/research

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]