[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#77257: FWD: Joe's Own Editor File Link Vulnerability

Josip Rodin <jrodin@public.srce.hr> wrote:
> severity 77257 normal
> retitle 77257 Joe's Own Editor File Link Vulnerability
> merge 34524 77257
> thanks

> BTW I just noticed this bug is not at all new or unheard of, it's been
> reported by rcw exactly 1 year and 252 days ago, in #34524. If people have
> survived with such a problem for years and years, there's no need to pretend
> we really started caring about it now. If a fix is made - great! but if it's
> not, this bug is just going to stay on the big old heap of joe bugs that
> nobody ever fixed. :/

Ugh, but this is a security issue.  Indeed, if root were using joe and editing
a file in /tmp, it'd be a root exploit.

Besides, it's not as if it's hard to fix or anything, just copy whatever
nvi does.
Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to: