|
|
@@ -1,8 +1,10 @@
|
|
|
<sect2>
|
|
|
<title>Command explanations</title>
|
|
|
|
|
|
-<para>The sed commands fix a symlink vulnerability in ed. See
|
|
|
-<ulink url="http://www.securityfocus.com/templates/advisory.html?id=3308">
|
|
|
-http://www.securityfocus.com/templates/advisory.html?id=3308</ulink> for
|
|
|
-more information.</sect2>
|
|
|
+<para>The sed commands fix a symlink vulnerability in ed. The ed
|
|
|
+executable creates files in /tmp with predictable names. By using
|
|
|
+various symlink attacks, it is possible to have ed write to files
|
|
|
+it should not, change the permissions of various files, etc.</para>
|
|
|
+
|
|
|
+</sect2>
|
|
|
|
Gerard Beekmans