Comment 37 for bug 357024

Jamie Strandboge (jdstrand) wrote :

Feedback from vendor-sec is that the patch is probably not good enough, specifically:

"At the very least, you need to add " --" after "rm -f" to prevent
option-passing to "rm" via filenames starting with dashes."

It was then suggested that /var/crash could be cleaned out with a program specifically designed to clean out temporary directories (http://shlang.com/stmpclean/ plus http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/stmpclean/).