clone 503645 -1
reopen -1
retitle -1 CVE-2008-4640: insecure file handling
thank

Nico Golde wrote:
Hi Ludovic,
* Ludovic Rousseau <[EMAIL PROTECTED]> [2008-11-01 15:55]:
On Sat, Nov 1, 2008 at 1:36 PM, Nico Golde <[EMAIL PROTECTED]> wrote:
Hi Bruno,
* Bruno De Fraine <[EMAIL PROTECTED]> [2008-10-29 18:43]:
[...]
Nico, do you think this would be sufficient to rule out the vulnerability?
I didn't get this message because you didn't CC me.
I just had a look at the applied patch and I think this is
sufficient.
You didn't fix CVE-2008-4640 in this version, did you?
Exact. CVE-2008-4640 is still present. I don't think it is an
important problem.

Please reopen this bug then or clone it and reopen the clone.

Just done.

If I understand correctly it will just delete
files with names derived from existing files. It cannot be used to
delete arbitrary files.

Why is this unlink needed anyway?

Because jhead is used to modify files but the commands called by jhead can't use the file "in place" but use a source and a target. jhead then renames the target file to the source file.

The temp file is first removed (if any).
The transformation command is called.
The source file is unlinked.
The target file is renamed to the source file.

Maybe the unlink() calls can be removed but that would not solve the problem. The temporary file would still be created by the command called by jhead (like mogrify or jpegtran).

bye

--
 Dr. Ludovic Rousseau
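
The four steps listed in the message above, restructured so that no predictable file name is ever unlinked or written to, as an added example that is neither jhead's code nor part of this thread. It assumes the transformation can write to an already-open descriptor (`transform` is a constructed stand-in that only copies); `replace_in_place` and the `.jh_` prefix are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for the external transformation (constructed for this example):
 * copies src to the already-open descriptor out_fd. */
static int transform(const char *src, int out_fd)
{
    char buf[4096];
    ssize_t n;
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out_fd, buf, (size_t)n) != n) { n = -1; break; }
    close(in);
    return n < 0 ? -1 : 0;
}

/* Hypothetical helper: replace src with its transformed version, 0 on success. */
int replace_in_place(const char *src)
{
    char tmp[4096];
    struct stat st;
    const char *slash = strrchr(src, '/');
    int dirlen = slash ? (int)(slash - src) + 1 : 0;
    /* Same directory as src, so rename() never crosses filesystems. */
    if (snprintf(tmp, sizeof tmp, "%.*s.jh_XXXXXX", dirlen, src) >= (int)sizeof tmp)
        return -1;
    int fd = mkstemp(tmp);  /* random name, O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0) return -1;
    /* Write through the descriptor, never by reopening a guessable path. */
    int ok = stat(src, &st) == 0 && transform(src, fd) == 0 &&
             fchmod(fd, st.st_mode & 0777) == 0 && fsync(fd) == 0;
    if (close(fd) != 0) ok = 0;
    /* rename() replaces src atomically, so no separate unlink(src) is needed. */
    if (ok && rename(tmp, src) == 0) return 0;
    unlink(tmp);            /* removes only the file this call created */
    return -1;
}
```

A tool that insists on an output path rather than a descriptor does not fit this sketch as written.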


