On Mon, Nov 06, 2006 at 10:02:13PM -0800, Atsuhito KOHDA wrote: > * New Upstream Release. > - modify logic for reading PERSONAL_EXTENSION_MAP and PERSONAL_MAILCAP to > ensure that they are files that are controlled only by the user. The > default values for these allow lynx to read configuration information > from the user's current directory at lynx's startup (Closes: #396949)
Unfortunately, the patch is flawed; the logic is basically: 1. Stat the file. 2. If not owned by the user, abort. 3. Read the file. There's nothing that says the status can't change between 1 and 3, so we have a race condition; IOW, the bug is still there, only slightly harder to exploit. Actually, the upstream CHANGES file also claims this release checks that the paths for PERSONAL_EXTENSION_MAP and PERSONAL_MAILCAP are absolute, but this appears to be a typo; from the diff it is clear that what's checked are the _global_ type and extension maps. /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
