[sbopkg-users] Security Issue - TMP files
Chess Griffin
chess at chessgriffin.com
Fri Feb 20 14:25:29 UTC 2009
* Phillip Warner <phillip.c.warner at gmail.com> [2009-02-19 22:55:46]:
> all of these little temporary files that sbopkg uses to keep track of
> itself are not necessarilly in a folder that is owned by root. This
> allows the user that does own TMP (/tmp/SBo by default) to delete and
> replace those temporary files with potentially malicious files.
>
> I suggest that TMP be forced to be owned by root. It should at least
> be checked and a clear warning given if it isn't secure.
A lot of things will be changing after the next release when we remove
the 'user mode' support and this is one of them. Stay tuned. :-)
--
Chess Griffin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://sbopkg.org/pipermail/sbopkg-users/attachments/20090220/11f246e1/attachment.sig>
More information about the sbopkg-users
mailing list