> Hey Dave, are you suggesting that no such exploits exist in Red Hat's
> rpm system? In order for that to be true, rpm would have to be making
> sure that each and every directory along any path that it writes is
> not writable except by priviledged users. I just checked, it doesn't.
>
> We should be using mktemp() to make temporary files, and if we don't
> that is a bug and I'd ask you to please submit a bugzilla entry about
> it if so because that would be a serious hole.
I trust you mean mkstemp(3) here (or mktemp(1), but not
much of RPM is in shell).
Matthew.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/