clone 503645 -1
reopen -1
retitle -1 CVE-2008-4640: insecure file handling
thank
Nico Golde wrote:
Hi Ludovic,
* Ludovic Rousseau <[EMAIL PROTECTED]> [2008-11-01 15:55]:
On Sat, Nov 1, 2008 at 1:36 PM, Nico Golde <[EMAIL PROTECTED]> wrote:
Hi Bruno,
* Bruno De Fraine <[EMAIL PROTECTED]> [2008-10-29 18:43]:
[...]
Nico, do you think this would be sufficient to rule out the vulnerability?
I didn't get this message because you didn't CC me.
I just had a look at the applied patch and I think this is
sufficient.
You didn't fix CVE-2008-4640 in this version, did you?
Exact. CVE-2008-4640 is still present. I don't think it is an
important problem.
Please reopen this bug then or clone it and reopen the
clone.
Just done.
If I understand correctly it will just delete
files with names derived from existing files. It cannot be used to
delete arbitrary files.
Why is this unlink needed anyway?
Because jhead is used to modify files but the commands called by jhead
can't use the file "in place" but use a source and a target. jhead then
renames the target file to the source file.
The temp file is first removed (if any).
the transformation command is called
the source file is unlinked
the target file is renamed to the source file
Maybe the unlink() calls can be removed but that would not solve the
problem. The temporary file would still be created by the command called
by jhead (like mogrify or jpegtran).
bye
--
Dr. Ludovic Rousseau