Date: Sat, 28 Dec 1996 02:09:27 +0100 From: Wolfram Schneider <wosch@cs.tu-berlin.de> To: Bruce Evans <bde@zeta.org.au> Cc: security@freebsd.org Subject: Re: FALSE ALARM: Re: Another buggy root cron job Message-ID: <199612280109.CAA01043@campa.panke.de> In-Reply-To: <199612251345.AAA26072@godzilla.zeta.org.au> References: <199612251345.AAA26072@godzilla.zeta.org.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Bruce Evans writes: >There's a similar potential hole in mkdep. This hole is a bit larger >than the one for the race in mktemp(). No one runs `make depend' or >compiles things as root on public machines, right? ;-) TMP=_mkdep$$ should fix the problem - it put the temp files into the current working directory. The source tree or object tree should not be world writable ;-) Wolfram
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612280109.CAA01043>