On Mon, 2008-04-07 at 10:30 +0200, Géraud Meyer wrote: > Ben Hutchings wrote: > > This is not a security hole. > If you can modify a user's ~/.fehbg you > > can almost certainly edit other shell scripts in the user's home > > > feh alone can modify ~/.fehbg. The user changing a wallpaper won't > notice that malicious code could be put in his home dir since fehbg is > only supposed to change the background, not to interpret code inside > filenames. feh does not modify other scripts, though a script in a > filename processed by feh could.
However, the user has to take a series of positive actions for an exploit to succeed: they must modify their session script, open the specific image, and set it as background. > > directory too. Furthermore, while it is possible for feh to write a > > destructive command to ~/.fehbg, it is extremely unlikely that a user > > will make it do so accidentally. > > > Firstly the user may not choose the filename of the image file, for > example in case it was sent to him/her by email. Of course. But the filename is visible to the user, is it not? I suppose this is a security hole, but since it requires positive actions by the user (unlike, say, exploiting creation of temporary files which the user is not aware of) I don't believe it is grave. Ben. -- Ben Hutchings Larkinson's Law: All laws are basically false.
signature.asc
Description: This is a digitally signed message part
