[LWN Logo]
[Timeline]
Date:         Mon, 9 Oct 2000 18:09:07 +0200
From: Roman Drahtmueller <draht@SUSE.DE>
Subject:      SuSE: tmpwatch
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----

Hello,

the tmpwatch packages as shipped with SuSE distributions are not
vulnerable to the attacks as discussed on security forums, initiated and
discovered by zenith parsec <zenith_parsec@THE-ASTRONAUT.COM>.

The version of tmpwatch that we ship is a bit older than the bleeding
edge, but it has proven to do what it says, which is just as important.
We did not (silently) fix the problems in the package - the version that
we use does not have the features that cause the security problems.

Undoubtedly, the utility has its use. But for efficient (temp-watch
competes for 100% system resources) and reliable monitoring of directories
without any race conditions it would be necessary to have the kernel do
the major part of the work.

Thanks,
Roman.
- --
 -                                                                      -
| Roman Drahtmüller      <draht@suse.de> //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBOeHtbney5gA9JdPZAQGl5Qf/WDVAqiaioXHfe2UZ9H9ofTX6DnmFbtRx
cSGN2ws7MD6/ebUJ06QRVxpnaYe76NDV8tJCk9nV+I2XpLD5fLq+oEIk/0EJ6M5+
7RXG7FxkxLxRsWUqyHfDGtoHn3H43evWp5QLlaz087YYrpGcD9odOgWMSxs340ex
dYJf5/wKnXIX/SxNLbxRuOzyA7RU2FD46i/uzmXNjmVyzolbsNTCn0/LCmToahaA
UmqakzKkhJu++13pPfPAks0TTLwbwWOYCiBbQrmdGyu3BB8rqsl/vw72O9O0Ocue
e6y75DvqtiFDJlVhf/i7yMqiDW6Vo9J0HU+h/dSI/QdXZUj18pNJ2w==
=uWou
-----END PGP SIGNATURE-----