2008/11/11 Eddy Petrișor <[EMAIL PROTECTED]> wrote:
2008/11/10 Thomas Schweitzer <[EMAIL PROTECTED]>:
Concerning bug#504726 I am not sure what's the problem with that? Why is
there a risk to create a static (where static only means that the name will
never change) subdir for temporary data?

When a certain file in that directory is opened, let's say
"universalindentguimain.cpp", at least one temp file with a
predetermined filename (e.g.:
/tmp/UniversalIndentGui/universalindentguimain.cpp) is created.

A malicious user could run the following commands:

mkdir /tmp/UniversalIndentGui
ln -s /home/thomas/some_precious_file_of_yours
/tmp/UniversalIndentGui/universalindentguimain.cpp


then it will wait for you to open that file for indentation and watch
you destroy your "some_precious_file_of_yours"[1].


Having a randomized name for the directory (mkdtemp - stdlib.h) makes
the problem go away. Also, having random names for the temporary files
could solve the problem, too.

[1]  If that file is the recording of your wedding, you can imagine the damage
Oh, I see.
There are such evil people out there? ;-) Ok I never had such a way of abuse on 
my mind, so I didn't care about that.

The next version 1.0.3 will have that fixed and I will send the package to 
Marcela Tiznado so she can upload it for being tested.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to