|
From: | Andrew D Jewell |
Subject: | Re: uudecode bug (?) |
Date: | Mon, 10 Jun 2002 10:44:37 -0400 |
-P, --paranoid : always open output files with "unlink(foo); open(foo, O_EXCL | O_CREATE)" Added safety without breaking existing scripts.Would this please everyone? There might need to be extra complexity to handle the execute bit in a useful way.
adj
The uudecode utility would create an output file without checking to see if it was about to write to a symlink or a pipe. If a user uses uudecode to extract data into open shared directories, such as /tmp, this vulnerability could be used by a local attacker to overwrite files or lead to privilege escalation. Fixed packages are available now.
[Prev in Thread] | Current Thread | [Next in Thread] |