Hi, On Fri, 21 Apr 2000, Andreas Gruenbacher wrote:
it had been announced to info@suse.de about one year ago, but the bug still exists in /etc/cron.daily/aaa_base (or perhaps also /root/bin/cron.daily for older SuSE versions). Tested on SuSE 6.0 and 6.3 but probably existent on earlier versions.
The same for 6.4.
Would someone from SuSE care to comment on this stupid bug?
We working for a fix.
Here the patch for suse-package aaa_base-2000.1.3-0:
[...]
Using the `-print0' option to find and `--null' argument to xargs does a better job, btw.
But it isn't safe against link attacks in tmp. BTW, I hope my comment wasn't stupid. Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47