Hello martin,
now the temporary file is freshly created via create_temp_file
(src/openvpn/misc.c) and deleted at end via platform_unlink
(src/openvpn/platform.c).
[quote]
The command is also passed the pathname of a freshly created temporary
file as the last argument (after any arguments specifi
also sprach Zygo Blaxell [2010.01.21.0848
+1300]:
> Why does a simple shell script create a vulnerability here?
Because it specifies the filename of a not-yet-created temporary
file and expects results in there.
--
.''`. martin f. krafft Related projects:
: :' : proud Debian develop
Why does a simple shell script create a vulnerability here?
A shell script should already be using code like this:
set -e
tmp="`mktemp`"
echo "blah blah" > "$tmp"
echo "more blah blah" >> "$tmp"
mv -f "$tmp" "$1"
for two reasons: using mktemp avoids a sym
Package: openvpn
Version: 2.1~rc15-1
Severity: important
Tags: security
OpenVPN's --client-connect option is described as follows:
--client-connect script
Run script on client connection. The script is passed the
common
name and IP address of the just-authen
4 matches
Mail list logo
