|
|
|
|
|
|
by acdha
8 days ago
|
|
|
My point about coreutils was that they’re rarely used in situations where an attacker can provide arbitrary input - it’s more like race conditions with code already running on the same system trying to escalate access – so what you need to protect against are things like race conditions around file operations or symlink safety. |
|
|