[17110] in bugtraq
SuSE: tmpwatch
daemon@ATHENA.MIT.EDU (Roman Drahtmueller)
Mon Oct 9 14:35:01 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Message-Id: <Pine.LNX.4.21.0010091610550.4052-100000@dent.suse.de>
Date: Mon, 9 Oct 2000 18:09:07 +0200
Reply-To: Roman Drahtmueller <draht@SUSE.DE>
From: Roman Drahtmueller <draht@SUSE.DE>
X-To: suse-security@suse.de
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hello,
the tmpwatch packages as shipped with SuSE distributions are not
vulnerable to the attacks as discussed on security forums, initiated and
discovered by zenith parsec <zenith_parsec@THE-ASTRONAUT.COM>.
The version of tmpwatch that we ship is a bit older than the bleeding
edge, but it has proven to do what it says, which is just as important.
We did not (silently) fix the problems in the package - the version that
we use does not have the features that cause the security problems.
Undoubtedly, the utility has its use. But for efficient (temp-watch
competes for 100% system resources) and reliable monitoring of directories
without any race conditions it would be necessary to have the kernel do
the major part of the work.
Thanks,
Roman.
- --
- -
| Roman Drahtm|ller <draht@suse.de> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| N|rnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBOeHtbney5gA9JdPZAQGl5Qf/WDVAqiaioXHfe2UZ9H9ofTX6DnmFbtRx
cSGN2ws7MD6/ebUJ06QRVxpnaYe76NDV8tJCk9nV+I2XpLD5fLq+oEIk/0EJ6M5+
7RXG7FxkxLxRsWUqyHfDGtoHn3H43evWp5QLlaz087YYrpGcD9odOgWMSxs340ex
dYJf5/wKnXIX/SxNLbxRuOzyA7RU2FD46i/uzmXNjmVyzolbsNTCn0/LCmToahaA
UmqakzKkhJu++13pPfPAks0TTLwbwWOYCiBbQrmdGyu3BB8rqsl/vw72O9O0Ocue
e6y75DvqtiFDJlVhf/i7yMqiDW6Vo9J0HU+h/dSI/QdXZUj18pNJ2w==
=uWou
-----END PGP SIGNATURE-----
