severity 504194 important thank On Sat, Nov 1, 2008 at 4:36 PM, Ludovic Rousseau <[EMAIL PROTECTED]> wrote: > Nico Golde a écrit : >> >> Hi Ludovic, >> * Ludovic Rousseau <[EMAIL PROTECTED]> [2008-11-01 15:55]:
>>> If I understand correctly it will just delete >>> files with names derived from existing files. I cannot be used to >>> delete arbitrary files. >> >> Why is this unlink needed anyway? > > Because jhead is used to modify files but the commands called by jhead can't > use the file "in place" but use a source and a target. jhead then rename the > target file to the source file. > > The temp file is first removed (if any). > the transformation command is called > the source files is unlinked > the target file is renamed to the source file > > Maybe the unlink() calls can be removed but that would not solve the > problem. The temporary file would still be created by the command called by > jhead (like mogrify of jpegtran). I change the severity from RC to important. jhead can't remove arbitrary files but just files whose filenames have one character changed from the filename given to the command. jhead is not setuid. I don't think it is more dangerous than the rm(1) command. Bye -- Dr. Ludovic Rousseau -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
