Bug#915859: [Pkg-privacy-maintainers] Bug#915859: uses a fixed filename in /tmp

2018-12-12 Thread Ulrike Uhlig
Hi! Salvatore Bonaccorso: > So it will additionally allow potentially denial of service on > multi-user systems. > > Not sure if the grave severity is warranted, though, will leave this > discussion to you both :) Ack, grave sounds a bit grave. > For tracking the issue, I have requested a

Bug#915859: [Pkg-privacy-maintainers] Bug#915859: uses a fixed filename in /tmp

2018-12-07 Thread Salvatore Bonaccorso
Control: retitle -1 onionshare: CVE-2018-19960: uses a fixed filename in /tmp Hi, So it will additionally allow potentially denial of service on multi-user systems. Not sure if the grave severity is warranted, though, will leave this discussion to you both :) For tracking the issue, I have

Bug#915859: [Pkg-privacy-maintainers] Bug#915859: uses a fixed filename in /tmp

2018-12-07 Thread Peter Palfrader
On Fri, 07 Dec 2018, intrigeri wrote: > Hi, > > Peter Palfrader: > > onionshare uses /tmp/onionshare_server.log as a logfile with --debug. > > Good catch! > > While that code obviously conflicts with basic secure programming best > practices, it seems to me that the default settings of the >

Bug#915859: [Pkg-privacy-maintainers] Bug#915859: uses a fixed filename in /tmp

2018-12-07 Thread intrigeri
Hi, Peter Palfrader: > onionshare uses /tmp/onionshare_server.log as a logfile with --debug. Good catch! While that code obviously conflicts with basic secure programming best practices, it seems to me that the default settings of the fs.protected_symlinks and fs.protected_hardlinks sysctls
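The pattern the thread is about, shown side by side with a hardened open, as an added example that is not onionshare's code and not part of any message above. It reuses the log filename from the report but constructs everything inside a private temporary directory (mode 0700, not sticky), so the fs.protected_symlinks sysctl does not intervene and the symlink-following behaviour is reproducible as an unprivileged user; the "victim" file and the "attacker" symlink are constructed for the demo. The helper names are mine.

```python
import errno
import os
import shutil
import tempfile

# Predictable log name from the bug report; only the directory differs here
# (a private mkdtemp() directory instead of the real, shared /tmp).
LOG_NAME = "onionshare_server.log"


def naive_open_log(path):
    """Vulnerable pattern: a plain open(path, 'w') follows a symlink that
    another user planted at the predictable path and truncates/overwrites
    whatever that link points at."""
    return open(path, "w")


def safe_open_log(path):
    """Hardened open for a fixed path: never follow a symlink (O_NOFOLLOW)
    and never reuse a pre-existing file (O_CREAT|O_EXCL), mode 0600."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    return os.fdopen(fd, "w")


def private_log_file(prefix="onionshare_server.", suffix=".log"):
    """Preferred fix: an unpredictable name created atomically with O_EXCL
    and 0600 permissions by the standard library. Returns (file, path)."""
    fd, path = tempfile.mkstemp(prefix=prefix, suffix=suffix)
    return os.fdopen(fd, "w"), path


def symlink_protection_enabled():
    """Report the fs.protected_symlinks sysctl discussed in the thread.
    Returns True/False, or None when the sysctl is not exposed (non-Linux).
    Note that it only covers symlinks in world-writable sticky directories
    such as /tmp; it is a mitigation, not a substitute for safe opening."""
    try:
        with open("/proc/sys/fs/protected_symlinks") as f:
            return f.read().strip() == "1"
    except OSError:
        return None


def demo():
    """Plant a symlink at the fixed log path, then open it both ways.
    Returns (victim_contents_after_naive_open, hardened_open_was_blocked)."""
    workdir = tempfile.mkdtemp(prefix="fixedname-demo.")
    try:
        # Constructed victim file owned by the "target" user.
        victim = os.path.join(workdir, "victim.txt")
        with open(victim, "w") as f:
            f.write("precious data\n")

        # Constructed attacker step: pre-create the predictable name as a
        # symlink to the victim before the program starts with --debug.
        logpath = os.path.join(workdir, LOG_NAME)
        os.symlink(victim, logpath)

        # Vulnerable open: the "log line" lands in the victim file.
        with naive_open_log(logpath) as f:
            f.write("debug line\n")
        with open(victim) as f:
            clobbered = f.read()

        # Hardened open: refused with EEXIST (O_EXCL on an existing name)
        # or ELOOP (O_NOFOLLOW on a symlink); nothing is written.
        try:
            safe_open_log(logpath).close()
            blocked = False
        except OSError as e:
            blocked = e.errno in (errno.EEXIST, errno.ELOOP)

        return clobbered, blocked
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print("fs.protected_symlinks:", symlink_protection_enabled())
    print("victim after naive open / hardened open blocked:", demo())
    f, p = private_log_file()
    f.close()
    os.unlink(p)
```

On a real multi-user /tmp the same planted link is what the sysctls mitigate; the demo deliberately avoids that directory so the outcome does not depend on the host's kernel settings.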