/tmp hole in gnome-help-browser
- From: Robert Wilhelm <robert physiol med tu-muenchen de>
- To: security-audit ferret lmh ox ac uk
- Cc: gnome-list gnome org
- Subject: /tmp hole in gnome-help-browser
- Date: Tue, 30 Jun 1998 17:06:12 +0200
With the right link, you can destroy any file of another user,
if he starts gnome-help-browser.
See gnome-core/help-browser/window.c
#define IMAGE_TEMPFILE "/tmp/gnome-help-browser.tmpfile"
fd = open(IMAGE_TEMPFILE, O_WRONLY | O_CREAT, 0666);
if (fd >= 0) {
docObjGetRawData(obj, &buf, &buflen);
write(fd, buf, buflen);
close(fd);
}
Robert
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
