On 2019-12-29 01:16:01 -0500, Joe Nahmias wrote:
> On 12/27/2019 6:23 PM, Vincent Lefevre wrote:
> > On 2019-12-27 19:49:46 +0000, Joseph Nahmias wrote:
> > > On Fri, Dec 27, 2019 at 07:27:42PM +0000, Joseph Nahmias wrote:
> > > > The attached patch works around the issue until that is fixed.
> > > 
> > > Of course, I forgot this patch... Take 2.
> > 
> > Wouldn't the use of wildcards be a security issue?
> > 
> > +       ln -s /tmp/.wine-`id -u`/server* /tmp/wine-*/
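
Review bot: both operands of this `ln -s` line are unquoted globs expanded under /tmp, which other users can write to, so `server*` and `/tmp/wine-*/` can each match nothing, several entries, or an entry that belongs to someone else; when more than one word results, `ln` takes the last one as the destination directory and links all the others into it. Suggest computing both paths exactly and checking that the destination is a single directory owned by the invoking user before creating the link.
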
> > 
> > i.e. could you end up creating wrong symbolic links?
> 
> Attached is an updated patch that does the extra work to avoid the
> wildcards.
> 
> > In any case, this seems rather ugly to me.
> 
> Not sure precisely what you are referring to as ugly here;

I meant the use of wildcards. Actually they were wrong, because they
would work only when they matched only one file or directory, while
in normal use (no attacks), some other old files or directories could
have been left in /tmp for various reasons (testing, crash, etc.).

In general, wildcards should be used only when the goal is to match a
set of files, not to replace something "unknown" (possibly unless one
has full control of the directory, which is not the case here).

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
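
Added example, not part of the thread or of the patch it discusses: a shell check that accepts a glob as a single path only when it matches exactly one real directory owned by the caller, and refuses in the cases described above (stale leftovers, entries planted by someone else). The function name `resolve_one`, its exit codes and the sandbox entry names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the patch under discussion.
# resolve_one DIR PATTERN: print the one entry of DIR matching PATTERN,
# provided it is a real directory owned by the current user.
# Exit status: 0 trusted single match, 1 no match, 2 several matches,
# 3 a single match that is a symlink, not a directory, or not ours.
resolve_one() {
    _dir=$1 _pattern=$2
    # $_pattern is left unquoted on purpose so the shell expands it.
    set -- "$_dir"/$_pattern
    [ "$#" -eq 1 ] || return 2
    # An unmatched glob is passed through literally, so test existence.
    if [ ! -e "$1" ] && [ ! -L "$1" ]; then return 1; fi
    if [ -L "$1" ] || [ ! -d "$1" ] || [ ! -O "$1" ]; then return 3; fi
    printf '%s\n' "$1"
}

# Constructed demonstration in a private sandbox (hypothetical names).
demo() {
    sb=$(mktemp -d) || return 1
    for step in none one stale link; do
        case $step in
            one)   mkdir "$sb/wine-Ab12" ;;
            stale) mkdir "$sb/wine-Zz99" ;;   # leftover, e.g. after a crash
            # Here the glob really does mean "the whole set of matches".
            link)  rm -r "$sb"/wine-*; ln -s "$sb" "$sb/wine-link" ;;
        esac
        rc=0; out=$(resolve_one "$sb" 'wine-*') || rc=$?
        printf '%-5s status=%s %s\n' "$step" "$rc" "$out"
    done
    rm -rf "$sb"
}
demo
```
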
