On Mon, Oct 30, 2006 at 10:56:28PM +0100, Marco d'Itri wrote: > By creating a /tmp/start_thttpd symlink a local attacker will be able to > create/touch any file as root.
Thanks for the report. Once I get a CVE identifier allocated I'll handle an update for Sarge. Daniel if you have a preferred patch that would be appreciated, otherwise I'll come up with a solution and add it to this bug. Steve -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
