bug-gnu-utils

Re: uudecode bug (?)


From: Andrew D Jewell
Subject: Re: uudecode bug (?)
Date: Mon, 10 Jun 2002 10:44:37 -0400

Perhaps there is a common option that many GNU utils should add, which is a little bit like the '-f' option in cp:

-P, --paranoid : always open output files with
                 "unlink(foo); open(foo, O_EXCL | O_CREATE)"

Added safety without breaking existing scripts.

Would this please everyone? There might need to be extra complexity to handle the execute bit in a useful way.

adj

   The uudecode utility would create an output file without checking to
   see if it was about to write to a symlink or a pipe. If a user uses
   uudecode to extract data into open shared directories, such as /tmp,
   this vulnerability could be used by a local attacker to overwrite
   files or lead to privilege escalation. Fixed packages are available
   now.
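
The open sequence proposed in the message above, run against a pre-planted symlink, as an added C example that is not part of the original post or of any GNU utility. `paranoid_open` and `demo_symlink_case` are hypothetical names, and the temporary directory and file contents are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` for writing the way the proposed
 * --paranoid option describes. Returns an fd, or -1 with errno set.
 * `mode` is the caller's choice of permission bits (assumption). */
int paranoid_open(const char *path, mode_t mode)
{
    /* unlink() removes a symlink itself, never its target.
     * ENOENT only means nothing was there to remove. */
    if (unlink(path) == -1 && errno != ENOENT)
        return -1;
    /* With O_CREAT|O_EXCL, open() fails with EEXIST if the name exists
     * again, even as a symlink, so a name re-planted between the two
     * calls makes the open fail instead of redirecting the write. */
    return open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
}

/* Constructed scenario: in a fresh temp dir, "out" is a symlink to
 * "victim". Returns 0 if victim is untouched and out is a new regular
 * file, 1 if not, -1 on setup failure. */
int demo_symlink_case(void)
{
    char dir[] = "/tmp/paranoid-demo-XXXXXX";
    char out[128], victim[128], buf[16] = {0};
    struct stat st;
    int fd, ok;

    if (!mkdtemp(dir)) return -1;
    snprintf(out, sizeof out, "%s/out", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return -1;
    close(fd);
    if (symlink(victim, out) == -1) return -1;

    fd = paranoid_open(out, 0600);        /* name is a symlink right now */
    if (fd < 0 || write(fd, "decoded", 7) != 7) return -1;
    close(fd);

    fd = open(victim, O_RDONLY);
    if (fd < 0 || read(fd, buf, sizeof buf - 1) != 4) return -1;
    close(fd);
    ok = strcmp(buf, "keep") == 0 && lstat(out, &st) == 0 && S_ISREG(st.st_mode);
    unlink(out); unlink(victim); rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return demo_symlink_case(); }
```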



