|
From: | Lawrence Teo |
Subject: | Re: Security vulnerability in automake |
Date: | Fri, 07 Jun 2002 21:03:33 -0400 |
> Likewise, having a "hardened" config.guess file would not necessarily > prevent symlink attacks, but it'll definitely make it much harder for an > attacker to exploit it, even if the admin is sloppy. An attacker is hardly likely to distribute a "hardened" config.guess
Of course the attacker won't distribute a hardened config.guess. But look at my attack example shown in my reply to Allan's mail:
http://mail.gnu.org/pipermail/automake/2002-June/011190.htmlThat attack does *not* require an attacker to distribute a hardened config.guess, or change the original source code of the package in any way.
Lawrence _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com
[Prev in Thread] | Current Thread | [Next in Thread] |