[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)
From: "Eric Paynter" <eric@xxxxxxxxxxxxxxx>
Date: Fri, 9 Jul 2004 09:26:23 -0700 (PDT)

On Fri, July 9, 2004 7:43 am, http-equiv@xxxxxxxxxx said:
> There are lots of little .tmp files generated and accessible
> remotely to be had, Adobe *.pdf's and  a vast array of Microsoft
> Office 2003 crud to name just two. Many others which have been
> identified and discussed in the past as well.

I think:

mount /dev/xxxx /tmp -o noexec

would reduce the risk significantly. Can you do something equivalent in
Windows?

-Eric

--
arctic bears - affordable custom email and name services
http://www.arcticbears.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re[2]: [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)
  - From: 3APA3A
- Re: [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)
  - From: Nick FitzGerald

References:
- [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)
  - From: http-equiv@xxxxxxxxxx

Prev by Date: Re[2]: [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)
Next by Date: [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)
Previous by thread: [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)
Next by thread: Re[2]: [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)
Index(es):
- Date
- Thread