Branches for Hoary

Name: lp:ubuntu/hoary/cdrtools 1
Status: Development
Last Modified: 2009-12-05 21:28:05 UTC
Last Commit: 4. * SECURITY UPDATE: Fix insecure tempo...

Author: Martin Pitt
Revision Date: 2005-03-24 10:20:03 UTC

* SECURITY UPDATE: Fix insecure temporary file handling.
* 23_debug_tmpfile.dpatch:
  - rscsi/rscsi.c: Do not blindly open the temporary file for debugging
    (which defaults to being in /tmp), but check if it already exists and
    exit if so. This avoids symlink attacks.
  - rscsi/rscsi.dfl: Do not recommend to use /tmp/ as output directory for
    debugging to avoid DoS situations when the temporary file already
    exists.
  - Note: Debugging is disabled by default.
  - Thanks to Javier Fernández-Sanguino Peña <jfs@computer.org> for spotting
    this and the patch.
  - References:
    http://bugs.debian.org/291376
