Re: Bug#77257: FWD: Joe's Own Editor File Link Vulnerability
Josip Rodin <jrodin@public.srce.hr> wrote:
> severity 77257 normal
> retitle 77257 Joe's Own Editor File Link Vulnerability
> merge 34524 77257
> thanks
> BTW I just noticed this bug is not at all new or unheard of, it's been
> reported by rcw exactly 1 year and 252 days ago, in #34524. If people have
> survived with such a problem for years and years, there's no need to pretend
> we really started caring about it now. If a fix is made - great! but if it's
> not, this bug is just going to stay on the big old heap of joe bugs that
> nobody ever fixed. :/
Ugh, but this is a security issue. Indeed, if root were using joe and editing
a file in /tmp, it'd be a root exploit.
Besides, it's not as if it's hard to fix or anything, just copy whatever
nvi does.
--
Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Reply to: