[Pkg-javascript-devel] Bug#715325: Bug#715325: Bug#715325: Bug#715325: npm: leaves lots of stuff in /tmp
Dominique Dumont
dod at debian.org
Mon Jul 8 14:06:51 UTC 2013
On Monday 08 July 2013 14:36:24 Jérémy Lal wrote:
> I still do not understand if this is really a security issue.
> IMO if a program on your system does that, the whole system is compromised,
> you can't really be hardening any software against it.
A symlink attack is done by a user of a system against another user on the
same system. This is not a worry on your laptop, but may be an issue on a
bigger server in a data center
HTH
--
https://github.com/dod38fr/ -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/ -o- irc: dod at irc.debian.org
More information about the Pkg-javascript-devel
mailing list