5569514 2000-10-09 21:37 /45 rader/ Brevbäraren (som är implementerad i) Python Mottagare: Bugtraq (import) <13175> Ärende: SuSE: tmpwatch ------------------------------------------------------------ From: Roman Drahtmueller <draht@SUSE.DE> To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <Pine.LNX.4.21.0010091610550.4052-100000@dent.suse.de> -----BEGIN PGP SIGNED MESSAGE----- Hello, the tmpwatch packages as shipped with SuSE distributions are not vulnerable to the attacks as discussed on security forums, initiated and discovered by zenith parsec <zenith_parsec@THE-ASTRONAUT.COM>. The version of tmpwatch that we ship is a bit older than the bleeding edge, but it has proven to do what it says, which is just as important. We did not (silently) fix the problems in the package - the version that we use does not have the features that cause the security problems. Undoubtedly, the utility has its use. But for efficient (temp-watch competes for 100% system resources) and reliable monitoring of directories without any race conditions it would be necessary to have the kernel do the major part of the work. Thanks, Roman. - -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - - -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOeHtbney5gA9JdPZAQGl5Qf/WDVAqiaioXHfe2UZ9H9ofTX6DnmFbtRx cSGN2ws7MD6/ebUJ06QRVxpnaYe76NDV8tJCk9nV+I2XpLD5fLq+oEIk/0EJ6M5+ 7RXG7FxkxLxRsWUqyHfDGtoHn3H43evWp5QLlaz087YYrpGcD9odOgWMSxs340ex dYJf5/wKnXIX/SxNLbxRuOzyA7RU2FD46i/uzmXNjmVyzolbsNTCn0/LCmToahaA UmqakzKkhJu++13pPfPAks0TTLwbwWOYCiBbQrmdGyu3BB8rqsl/vw72O9O0Ocue e6y75DvqtiFDJlVhf/i7yMqiDW6Vo9J0HU+h/dSI/QdXZUj18pNJ2w== =uWou -----END PGP SIGNATURE----- (5569514) ------------------------------------------(Ombruten)