Search Mailing List Archives
[tcpcrypt-dev] [PATCH] avoid symlink attacks in launch_tcpcryptd.sh
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jul 23 09:40:15 PDT 2014
On 07/23/2014 11:50 AM, Andrea Bittau wrote:
> yeah it only seems to be used by the test script so it might not be
> the end of the world.
> i'm concerned with /run/ because i'm not sure how multiplatform it is.
> E.g., mac doesn't seem to have it.
hm, maybe check if /run exists, and use it where it does exist;
otherwise, maybe use ~root ?
It is bad form to use a world-writable directory with a predictable
filename (this would probably get a CVE if it was released this way).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 949 bytes
Desc: OpenPGP digital signature
More information about the tcpcrypt-dev