> I hate to jump in here (really I do) but 'a' probably happens a lot. All
> of the recommended locations are system directories. As for 'b' and
> 'c', I think those are considered trivial things to do, since this would
> be a relatively easy thing to exploit (search some of the security list
> archives, this isn't quite as easy as the buffer overflow on x86
> problem, but still trivial).
'c' is a piece of cake. People wrote tools using directory notifiers that
do nothing but try and subvert every /tmp/ file as it appears. Neat and
novel [ab]use of it.
This is however a kernel list. Security notifications ought to go to the
vendor and if they don't respond after a while to bugtraq where it would
be on topic and score you leetness bonuses.
Alan
This archive was generated by hypermail 2b29 : Sat Mar 23 2002 - 22:00:20 EST