[ On , December 6, 2003 at 19:52:00 (-0000), Christian Biere wrote: ]
> Subject: bin/23678: send-pr could be a little more secure
>
> Imagine, the admin finds a
> security bug and uses send-pr to report. Unless the admin hasn't set
> TMPDIR to a private directory and/or uses umask 077 any local user can
> read the PR for a short time before it's mailed or much longer in case
> sendmail fails resp. send-pr is aborted to procede with the method
> mentioned above.

While I think worrying over the privacy of something that's eventually
going to be published to the public, even if in a semi-confidential
manner is kinda silly, I'd also like to point out that any admin not
setting TMPDIR to an already private directory, probably under their
$HOME, is a far greater and more generic security issue.  System
administrators really should treat their own personal account with as
much, or perhaps even greater, care as they treat the superuser account,
especially if they use "su" from their account.

-- 
						Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>          Secrets of the Weird <woods@weird.com>