On Tue, Nov 14, 2006 at 01:20:13AM +0100, Steinar H. Gunderson wrote:
> On Mon, Nov 06, 2006 at 10:02:13PM -0800, Atsuhito KOHDA wrote:
> >   * New Upstream Release.
> >     - modify logic for reading PERSONAL_EXTENSION_MAP and PERSONAL_MAILCAP to
> >       ensure that they are files that are controlled only by the user. The
> >       default values for these allow lynx to read configuration information
> >       from the user's current directory at lynx's startup (Closes: #396949)
>
> Unfortunately, the patch is flawed; the logic is basically:
>
>  1. Stat the file.
>  2. If not owned by the user, abort.
>  3. Read the file.

It's somewhat more than that. The point of adding the check was to ensure
that files in the user's home directory (the ultimate goal, for dev.3/dev.4)
are not world-writable.

> There's nothing that says the status can't change between 1 and 3, so we have
> a race condition; IOW, the bug is still there, only slightly harder to
> exploit.

dev.4 is current (from yesterday). Let's focus on the current code,
not the first step that I took.

> Actually, the upstream CHANGES file also claims this release checks
> that the paths for PERSONAL_EXTENSION_MAP and PERSONAL_MAILCAP are absolute,
> but this appears to be a typo; from the diff it is clear that what's checked
> are the _global_ type and extension maps.

yes - that's a cut/paste error that I fixed in the dev.3 patch.

bye

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
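
The stat-then-read race raised in the quoted review is conventionally closed by opening the file first and then checking the open descriptor with fstat(), so the file that is checked is the file that is read. The C sketch below is an added example, not code from lynx or from either poster; `open_user_config` is a hypothetical helper name, and rejecting group-writable files in addition to world-writable ones is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not a lynx function): open `path` and return a
 * descriptor only if the object actually opened is a regular file owned by
 * `owner` and not writable by group or others.  Returns -1 otherwise. */
int open_user_config(const char *path, uid_t owner)
{
    struct stat sb;
    /* Open first.  O_NOFOLLOW refuses a symlink as the final path component;
     * O_NONBLOCK keeps a FIFO planted at the path from blocking the open. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() describes the open descriptor, so renaming or replacing the
     * path after this point cannot change which file is checked and read. */
    if (fstat(fd, &sb) != 0
        || !S_ISREG(sb.st_mode)
        || sb.st_uid != owner
        || (sb.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        return -1;
    }
    return fd;   /* caller reads from this descriptor, e.g. via fdopen() */
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return 2;
    }
    int fd = open_user_config(argv[1], geteuid());
    printf("%s: %s\n", argv[1], fd >= 0 ? "accepted" : "rejected");
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```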