On Wed, 2008-07-09 at 13:16:04 +0200, Nico Golde wrote:
> Hi Guillem,
> * Guillem Jover <[EMAIL PROTECTED]> [2008-07-09 09:19]:
> > This game creates the file projectL.prf on the current working dir
> > every time it's run. It should probably create it under a dot dir on
> > the home dir. Setting as important as this might be a security problem
> > (it might even well be RC).
>
> The code that does this seems to be the following from br/prefmanager.d:
> 34 public void save(){
> 35 auto File fd = new File;
> 36 fd.create(PREF_FILE);
> 37 fd.write(VERSION_NUM);
> 38 _prefData.save(fd);
> 39 fd.close();
> 40 }
> 41 public PrefData prefData() {
> 42 return _prefData;
> 43 }
>
> Anyone knows if this would follow symlinks and thus opening a symlink
> attack here?
> I have no idea of the d programing language.
I tested this yesterday and it does follow symlinks.
regrads,
guillem
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
