> On Thu, 5 May 2005 16:02:33 -0400, Joey Hess <[EMAIL PROTECTED]> said:
> severity 307632 normal
> can be performed on unsafely created temp files. The program in question
> is run during a fai install, before the system is multiuser, and so its
> unsafe temp files cannot be
Holger Levsen wrote:
> This is not true/right, since fai 2.8 "fai" can run on a running system, so
> there might be ways to exploit this.
Ah sorry I wasn't aware of this. I can verify that it's exploitable if
you run it on a running system, FWIW.
--
see shy jo
signature.asc
Description: Digi
Hi Joey,
On Thursday 05 May 2005 22:02, Joey Hess wrote:
> This bug is not RC and is not a security issue. The piece of policy
> quoted is intended to warn against attacks such as symlink attacks that
> can be performed on unsafely created temp files. The program in question
> is run during a fai
severity 307632 normal
thanks
This bug is not RC and is not a security issue. The piece of policy
quoted is intended to warn against attacks such as symlink attacks that
can be performed on unsafely created temp files. The program in question
is run during a fai install, before the system is multi
4 matches
Mail list logo
