diff options
author | Manoj Srivastava <srivasta@debian.org> | 2008-08-29 17:53:34 -0500 |
---|---|---|
committer | Manoj Srivastava <srivasta@debian.org> | 2008-08-29 17:53:34 -0500 |
commit | 2a8e492657d22f1ee00ea8e3d7a76b900b7bcd18 (patch) | |
tree | e1c1bb88f9b33ef007e684e89c34d9acda8e7510 /mcon/U/Extract.U | |
parent | 6ed168ff814db8f9bcaad6f2e218fb2bbacbdb1c (diff) |
Fix unsafe use of symbolic links in /tmp
If a script uses a temp file which is created in /tmp, then an
attacker can create symlink with the same name in this directory in
order to destroy or rewrite some system or user files. Symlink attack
may also lead not only to the data desctruction but to denial of
service as well. Creating files with rand or pid to randomize the file
names is not adequate to protect the system.
We now use File::Temp to safely create the temporary files as needed.
Signed-off-by: Manoj Srivastava <srivasta@debian.org>
Diffstat (limited to 'mcon/U/Extract.U')
0 files changed, 0 insertions, 0 deletions