On Sat, 21 Jan 2012 23:14:27 +0100, srm said: > A possible quick fix could be to append $$: > 66: echo "symlink-name: $2" >/tmp/debug.$$ Note that $$ is semi-predictable, so it's still easily exploitable (look at your own process ID, make symlinks for the next 100 or so values of $$, and then launch the exploit as before. 'man 1 mktemp' for a better solution for shell files.
Attachment:
pgpk0QJ2U62f5.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/