Re: Bug#77257: FWD: Joe's Own Editor File Link Vulnerability
On Thu, Nov 16, 2000 at 11:21:15PM -0800, Joey Hess wrote:
> Package: joe
> Version: 2.8
> Severity: important
>
> FILE *f=fopen("DEADJOE","a");
>
> Looks vulnerable indeed. Amusingly Debian has already patched right
> abve this line to not make the DEADJOE file mode 755, to prevent
> sensitive data (/etc/shadow) leakage. We were so close..
Oh well :(
The fix would be to use open(2) and set the O_EXCL flag so it bails out?
I'd like some security person to make a patch or even better a whole potato
NMU, because I don't feel up to the task.
--
Digital Electronic Being Intended for Assassination and Nullification
Reply to: