re: Symlink vulnerability in winetricks

Stefan Nordhaus wrote: > Winetricks has a symlink vulnerability... Fixed in today's winetricks (20081223), thanks! - Dan

Symlink vulnerability in winetricks

Hi! Winetricks has a symlink vulnerability, it does (echo "$title"; echo ""; echo "$text") > /tmp/x_showmenu.txt An attacker can exploit this by creating a symlink called /tmp/x_showmenu.txt and have it point to some file that a winetricks user can write (e.g. ~/Documents/important_stuff.odf).