Re: [Cooker] Re: [Security Announce] MDKSA-2000:072 - joe update
On Tue Nov 21, 2000 at 08:15:48AM +0100, Alexander Skwar wrote:

> > append its open buffers to the file DEADJOE. This can be exploited by
> > the creation of DEADJOE symlinks in directories where root would
> > normally use joe. In this way, joe could be used to append garbage to
>
> Okay, and how does the update fix this behaviour? Does the new joe not
> create DEADJOE's anymore?

No, what it does is check to see if DEADJOE exists first. If it does, it
removes the file (and/or symlink) and then creates DEADJOE instead of
arbitrarily writing to the file without checking.

--
[EMAIL PROTECTED], OpenPGP key available on www.keyserver.net
1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD
- Danen Consulting Services www.danen.net, www.freezer-burn.org
- MandrakeSoft, Inc. www.linux-mandrake.com
Current Linux uptime: 6 days 8 hours 53 minutes.
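The check-then-create behaviour described in the reply above, next to the unchecked append from the advisory, as an added example that is not joe's source code or part of the original thread. The function names, the temporary directory layout and the use of O_EXCL | O_NOFOLLOW are assumptions of this sketch.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pre-fix behaviour per the advisory: append to DEADJOE without checking
 * what the name refers to, so an existing symlink is followed. */
static int open_dump_unchecked(const char *path) {
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
}

/* Fix as described in the reply: remove any existing file or symlink, then
 * create DEADJOE. O_EXCL | O_NOFOLLOW are this sketch's own addition: the
 * create fails if the name reappears between unlink() and open(). */
static int open_dump_checked(const char *path) {
    if (unlink(path) == -1 && errno != ENOENT) return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: temp dir with an empty file "target" and a symlink
 * DEADJOE -> target. Writes a dump through the chosen opener and returns
 * target's size afterwards (0 = untouched), or -1 on failure. */
static long target_size_after_dump(int checked) {
    char dir[] = "/tmp/deadjoe-demo-XXXXXX", target[64], dump[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(dump, sizeof dump, "%s/DEADJOE", dir);
    int tfd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (tfd >= 0 && symlink(target, dump) == 0) {
        int fd = checked ? open_dump_checked(dump) : open_dump_unchecked(dump);
        if (fd >= 0 && write(fd, "buffer contents\n", 16) == 16
                    && stat(target, &st) == 0)
            size = (long)st.st_size;
        if (fd >= 0) close(fd);
    }
    if (tfd >= 0) close(tfd);
    unlink(dump); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("unchecked: target is %ld bytes\n", target_size_after_dump(0));
    printf("checked:   target is %ld bytes\n", target_size_after_dump(1));
    return 0;
}
```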
[Cooker] Re: [Security Announce] MDKSA-2000:072 - joe update
Thus spoke Linux Mandrake Security Team on Mon, Nov 20, 2000 at 04:55:52PM -0700:

> Linux-Mandrake Security Update Advisory
>
> Package name: joe
> Advisory ID: MDKSA-2000:072
[...]
> append its open buffers to the file DEADJOE. This can be exploited by
> the creation of DEADJOE symlinks in directories where root would
> normally use joe. In this way, joe could be used to append garbage to

Okay, and how does the update fix this behaviour? Does the new joe not
create DEADJOE's anymore?

Alexander Skwar
--
How to quote: http://learn.to/quote (german) http://quote.6x.to (english)
Homepage: http://www.digitalprojects.com | http://www.dp.ath.cx
GnuPG ID: 59F6A6F5 FP: DC8AFA56C492EE6058D5 BAA62EEE3AD559F6A6F5
ICQ:7328191
Uptime: 1 day 16 hours 57 minutes