Bugtraq mailing list archives

Re: AfterStep asfsm tmp hole


From: kris () SNOW UTORONTO CA (Kristofer Coward)
Date: Tue, 25 Aug 1998 12:40:28 -0400


>> The disk usage monitor that comes with AfterStep (asfsm) overwrites
>> /usr/tmp/statfs regularly as whoever launched it, allowing the typical
>> symlink crap we've come to expect, including a possible DoS if run as
>> root.
>
> Which version?  Have you contacted the developers first?!

1.4.x (haven't checked 1.0, or 1.5pre). I posted to the as list before
writing here, that post also told them that it would be posted here. It's
a small enough bell/whistle that most of the world should be able to live
without it until it's patched (not that that should take long).

Kris Coward
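
The report above concerns a fixed-path file in a shared temporary directory being overwritten through a symlink. The C code below is an added example, not part of the original post and not AfterStep's code: it contrasts an assumed truncate-on-open write with a hardened one. The function names and the scratch directory are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed "before" pattern (not asfsm's actual code): fixed path, truncate on
 * open. A symlink at `path` redirects the write to whatever it points at. */
int write_stats_unsafe(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened: never follow a symlink at the final component, accept only a
 * regular single-link file owned by us, and truncate only after checking. */
int write_stats_safe(const char *path, const char *data) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;              /* ELOOP if path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid() || ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Constructed scenario in a private scratch directory: "statfs" is a symlink
 * to "victim". Returns the victim's size after the chosen writer has run. */
long victim_size_after(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/asfsm-demo-XXXXXX", victim[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/statfs", dir);
    if (write_stats_unsafe(victim, "important data\n") != 0) return -1;
    if (symlink(victim, lnk) != 0) return -1;
    writer(lnk, "x");                   /* the periodic stats update */
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(lnk); unlink(victim); rmdir(dir);
    return size;
}
```

With the unsafe writer the 15-byte victim file is truncated and replaced by the one-byte update; with the hardened writer the open fails and the victim is left intact.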


