Re: [SuSE 9.0] possible symlink attacks in some scripts

[Thomas Biege <thomas () suse de>]

> greetings,

Hello.

> i have done a litte reseach on a SuSE linux 9.0 box
> for possible symlink attacks. i have checked nearly
> every script i could found on the system. i havent
> found much and nothing very special.

Good.


> i dont have a
> clue if the following scripts are somewhere on the
> system executed but maybe someone useses them in a
> script or something like that.

We will fix the bugs you found, but it's always nicer
to contact us before you go public with bug-reports.
Just write an eMail to security () suse de and you will
get an answer after a few hours or less.


Bye,
     Thomas
-- 
  Thomas Biege <thomas () suse de>, SUSE LINUX AG, Security Support & Auditing
--
# If you have the "driftnet" program installed, webcollage can display a
# collage of images sniffed off your local ethernet, instead of pulled out
# of search engines: in that way, your screensaver can display the images
# that your co-workers are downloading!
                                          -- xscreensaver source-code