Re: Bug#77257: FWD: Joe's Own Editor File Link Vulnerability

To: debian-security@lists.debian.org, 77257@bugs.debian.org
Subject: Re: Bug#77257: FWD: Joe's Own Editor File Link Vulnerability
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Sun, 19 Nov 2000 16:17:13 +1100
Message-id: <[🔎] 200011190517.eAJ5HDV08875@gondor.apana.org.au>
In-reply-to: <20001116232115.L11209@kitenet.net> <[🔎] 200011172250.eAHMonu11909@gondor.apana.org.au> <[🔎] 20001117215447.A14696@drow.them.org> <[🔎] 20001118140515.A21078@gondor.apana.org.au> <[🔎] 20001118112613.O9245@cape.com> <[🔎] 20001119050632.A15052@jagor.srce.hr>

Josip Rodin <jrodin@public.srce.hr> wrote:
> severity 77257 normal
> retitle 77257 Joe's Own Editor File Link Vulnerability
> merge 34524 77257
> thanks

> BTW I just noticed this bug is not at all new or unheard of, it's been
> reported by rcw exactly 1 year and 252 days ago, in #34524. If people have
> survived with such a problem for years and years, there's no need to pretend
> we really started caring about it now. If a fix is made - great! but if it's
> not, this bug is just going to stay on the big old heap of joe bugs that
> nobody ever fixed. :/

Ugh, but this is a security issue.  Indeed, if root were using joe and editing
a file in /tmp, it'd be a root exploit.

Besides, it's not as if it's hard to fix or anything, just copy whatever
nvi does.
-- 
Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to:

References:
- Re: Bug#77257: FWD: Joe's Own Editor File Link Vulnerability
  - From: Josip Rodin <jrodin@public.srce.hr>

Prev by Date: Re: Bug#77257: FWD: Joe's Own Editor File Link Vulnerability
Next by Date: Re: restricted bash (rbash)
Previous by thread: Re: Bug#77257: FWD: Joe's Own Editor File Link Vulnerability
Next by thread: stop
Index(es):
- Date
- Thread