Re: [Cgi-session-user] FW: Security issue about CGI::Session
Brought to you by:
sherzodr
Menu
▾
▴
Re: [Cgi-session-user] FW: Security issue about CGI::Session
|
From: Kenneth P. <sh...@se...> - 2006-03-21 21:00:40
|
On Tuesday, March 21, 2006 2:17 PM -0600 Matt LeBlanc <mle...@cp...> wrote: > This is why the code now checks for symlinks prior to opening the file > for writing and attempts to delete the file and returns an error if > failing the deletion. Don't you still have a window of vulnerability between the delete and create when a malicious local process could recreate the symlink? |
