[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: uudecode bug (?)
From: |
martin f krafft |
Subject: |
Re: uudecode bug (?) |
Date: |
Mon, 10 Jun 2002 21:03:17 +0200 |
User-agent: |
Mutt/1.3.28i |
also sprach Colin Watson <address@hidden> [2002.06.10.1917 +0200]:
> If you want to close the race condition properly, I suggest creating a
> new directory with secure modes, checking that the creation succeeded,
> and uudecoding the file there (providing you've checked that it doesn't
> unpack to an absolute path specification). mkdir() is atomic, so you are
> safe. Adding a special-case check to uudecode for this is a very poor
> hack around the race condition.
right. i actually agree. i still don't dig that it should be okay.
> I don't think this is any more of a security problem in uudecode than
> the fact that 'echo text >> filename' follows symlinks. Scripts that
> call uudecode may be buggy, but they should clearly be fixed; do we
> believe that the sort of installer script Dr. Bieringer quotes as
> uudecoding to a well-known filename in a world-writable directory uses
> no other standard tools in insecure ways?
you have a point. not only echo text >> filename follows symlinks,
even the truncating version >| does.
let me sleep this over. it sounds like it's not really a bug. but
something's not letting me just let go...
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" address@hidden
anyone around? -- no, we're all irregular polygons.
pgpEHQXqji1Bm.pgp
Description: PGP signature