Subject: Re: CRITICAL ** Holes in default cron jobs ** CRITICAL To: Giles Lean <giles@nemeton.com.au> From: Perry E. Metzger <perry@piermont.com> List: current-users Date: 12/29/1996 20:21:11
Giles Lean writes:
> There were two holes in the original advisory:
>
> 1. shell metacharacter vulerability of 'ls ... | sh' code
> 2. insecure temporary files
Actually, the issue is swapping directories for symlinks at strategic
moments.
Perry