I didn't have time yet to look at it thoroughly (or test it), but 
AFAICS you now check the file for existence before passing it to the 
shell. This should convert the remote command execution vuln into a 
local privilege escalation. A local user can do

touch '/tmp/`touch /tmp/hello`'

and pass the filename to torrentflux and so get the command executed 
as user www-data. This is definitely less severe than before but IMHO 
still a bug. It would also convert any vulnerability to create a file 
with arbitrary name into a code execution vulnerability.

Cheers,
Stefan
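
The point made in this message, as an added example that is not part of the original e-mail or of torrentflux's code: an existence check does not neutralise shell metacharacters in a file name, while passing the name as a single argv element (or quoting it) does. The function names, the `ls` command and the marker file name are assumptions made for the illustration.

```python
import os
import shlex
import subprocess
import tempfile

MARKER = "injected_marker"           # constructed, harmless side effect
EVIL_NAME = "`touch " + MARKER + "`"  # constructed name with a command substitution
QUIET = {"stdout": subprocess.DEVNULL, "stderr": subprocess.DEVNULL}


def require_existing(name, cwd):
    """The existence check discussed in the message."""
    if not os.path.exists(os.path.join(cwd, name)):
        raise FileNotFoundError(name)


def list_via_shell_string(name, cwd):
    """'Before' pattern: check existence, then interpolate into a shell string."""
    require_existing(name, cwd)
    subprocess.run("ls -l -- " + name, shell=True, cwd=cwd, **QUIET)


def list_via_argv(name, cwd):
    """Hardened: no shell at all, the name is exactly one argv element."""
    require_existing(name, cwd)
    subprocess.run(["ls", "-l", "--", name], cwd=cwd, **QUIET)


def list_via_quoted_shell(name, cwd):
    """Hardened when a shell cannot be avoided: quote the name first."""
    require_existing(name, cwd)
    subprocess.run("ls -l -- " + shlex.quote(name), shell=True, cwd=cwd, **QUIET)


def marker_created(runner):
    """Create the constructed file in a fresh directory, call runner on it,
    and report whether the command embedded in the name was executed."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, EVIL_NAME), "w").close()
        runner(EVIL_NAME, d)
        return os.path.exists(os.path.join(d, MARKER))


if __name__ == "__main__":
    for fn in (list_via_shell_string, list_via_argv, list_via_quoted_shell):
        print(fn.__name__, "-> embedded command ran:", marker_created(fn))
```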

