Re: deb vfs security issue (CAN-2004-0494)



Hi Andrew,

On Wed, 2004-08-18 at 21:35, Andrew V. Samoilov wrote:
> patchfs and uzip is ok ;-) 

I see. copyin is passed unchecked parameters, but those are quotemeta'd
with myin. This seems to be the case in most opens, except one: copyout.
Are you sure 'open 0, "> $out";' is fine?

Spaces in file names seem not to be handled correctly by patchfs...

Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research
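
Added example, not part of the original message and not code from patchfs or Midnight Commander: a Perl sketch comparing the two-argument form quoted above ('open 0, "> $out";') with the three-argument form on a file name that ends in a space. The helper names and the sample file name are constructed for illustration; the behaviour shown is Perl's documented trimming of surrounding whitespace in two-argument open, and the example does not claim this is what patchfs copyout does with its arguments.

```perl
#!/usr/bin/perl
# Added illustration; helper names and sample data are hypothetical.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Two-argument form: mode and name travel in one string, which Perl parses.
# Whitespace around the name is dropped during that parse.
sub write_two_arg {
    my ($out, $data) = @_;
    open(my $fh, "> $out") or die "two-arg open failed: $!";
    print {$fh} $data;
    close($fh) or die "close failed: $!";
}

# Three-argument form: the mode is its own argument and the name is taken
# exactly as given, with no parsing of its contents.
sub write_three_arg {
    my ($out, $data) = @_;
    open(my $fh, '>', $out) or die "three-arg open failed: $!";
    print {$fh} $data;
    close($fh) or die "close failed: $!";
}

# Return the entries of a directory, without . and ..
sub list_dir {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir failed: $!";
    my @names = sort grep { !/^\.\.?$/ } readdir($dh);
    closedir($dh);
    return @names;
}

my $base = tempdir(CLEANUP => 1);
my $name = "notes.txt ";    # constructed name with a trailing space

for my $case (['two-arg', \&write_two_arg], ['three-arg', \&write_three_arg]) {
    my ($label, $writer) = @$case;
    my $dir = File::Spec->catdir($base, $label);
    mkdir $dir or die "mkdir failed: $!";
    $writer->(File::Spec->catfile($dir, $name), "data\n");
    # Brackets make a trailing space visible in the output.
    printf "%-9s requested [%s] created [%s]\n",
        $label, $name, join('][', list_dir($dir));
}
```

quotemeta on the name does not change this result for the two-argument form, because the backslashes it adds are not shell-style escapes to open and become part of the string Perl parses.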




