Control: tags -1 - moreinfo

On 03/18/2015 11:12 PM, Rebecca N. Palmer wrote:
> Yes, the allowed-paths list is intentionally identical to the
> (post-#780716-fix) Nasal/IOrules: the purpose of this patch is to move
> the checking process to somewhere scripts can't disable.

Good, thanks for confirmation.

> I'm not aware of any that do, but haven't specifically looked.
>
> Is untrusted scripts being able to write (not read) /tmp/*.xml a
> security or other RC bug (which would require a new upload of flightgear
> _and_ flightgear-data with the obvious fixes), or just not a good idea?

AFAIUI at the very worst, an untrusted nasal script could override an
existing *.xml file in /tmp, which already has its execute permissions
set, right? I'm not sure whether "write" here means overriding a file is
okay or if it restricts to creating new files, though.

Please also keep in mind that the user needs to fetch and install the
untrusted nasal script somehow.

While not covering everything, I still think the recent upload fixes the
most apparent security risk and would appreciate it being unblocked.

Regards

Markus Wanner