Re: deb vfs security issue (CAN-2004-0494)



> Hi Andrew,
> 
> On Thu, 2004-08-19 at 09:42, Andrew V. Samoilov wrote:
> > > I see. copyin is passed unchecked parameters, but those are quotemeta'd
> > > with myin. This seems to be the case in most opens, except one: copyout.
> > > Are you sure 'open 0, "> $out";' is fine?
> >  
> > Well `open O,  '>', $out` is more right and secure here.
> > Patch attached.  Can you commit this one?
> 
> Please wait with committing this. As I am going through many of the
> files in vfs/extfs it's probably better to wait for a comprehensive
> patch that I intend to make. There are many more occurrences of the
> above open syntax.
> 
> Why is the latter form more correct? If it is I am happy to change all
> occurrences of the old form where I find them.

man perlfunc
               Use 3-argument form to open a file with arbitrary
               weird characters in it,

Unfortunately 3-argument form is not portable.
Solaris8 is shipped with perl 5.005 and this perl does not understand such open calls ;-(  It seems there is no way to create file with trailing spaces by open now.  We can use sysopen() for such files but this function is also new for perl5 and so is not portable too.

I have no access to cvs now, so commit second part of patchfs.in patch, please.

-- 
Regards,
Andrew V. Samoilov.
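The point under discussion, as an added example that is not part of this thread and not the mc project's own code: with the 2-argument `open`, perl parses the whole string, so mode characters inside the filename are honoured and surrounding whitespace is stripped; with the 3-argument form the mode is separate and the name is taken literally. The filename with a trailing space is a constructed input; the script needs perl 5.6 or later for the 3-argument form, which is exactly the portability caveat raised above.

```perl
#!/usr/bin/perl
# Added example (not from the mc thread or the mc project).
# Shows how 2-argument and 3-argument open() treat a filename
# that ends in a space (constructed input).  Needs perl >= 5.6
# for the 3-argument form.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Work in a throw-away directory so nothing is left behind.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";

my $out = "report ";   # constructed: the trailing space is part of the name

# 2-argument form: perl interprets the string, so any mode characters in
# $out are honoured and leading/trailing whitespace in the name is dropped.
open(my $fh2, "> $out") or die "open (2-arg): $!";
close $fh2;
printf "2-arg: 'report ' exists=%d, 'report' exists=%d\n",
    (-e "report " ? 1 : 0), (-e "report" ? 1 : 0);
unlink "report", "report ";

# 3-argument form: the mode '>' is passed separately and $out is used
# verbatim, so the file with the trailing space is created.
open(my $fh3, '>', $out) or die "open (3-arg): $!";
close $fh3;
printf "3-arg: 'report ' exists=%d, 'report' exists=%d\n",
    (-e "report " ? 1 : 0), (-e "report" ? 1 : 0);
```

Run it with `perl open-modes.pl` (assumed file name); the first line reports that only `report` was created, the second that only `report ` was. On a perl 5.005 installation the second `open` fails to compile, which is why a portable fix for the extfs scripts cannot simply switch every call to the 3-argument form.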