[sbopkg-users] Security Issue - TMP files
Phillip Warner
phillip.c.warner at gmail.com
Fri Feb 20 04:55:46 UTC 2009
all of these little temporary files that sbopkg uses to keep track of
itself are not necessarilly in a folder that is owned by root. This
allows the user that does own TMP (/tmp/SBo by default) to delete and
replace those temporary files with potentially malicious files.
I suggest that TMP be forced to be owned by root. It should at least
be checked and a clear warning given if it isn't secure.
--phillip
More information about the sbopkg-users
mailing list