On Sun, Aug 28, 2005 at 10:41:52PM +0100, Justin B Rye wrote:
> On Sat, Aug 13, Enrico Zini wrote:
> > Oh! That's a bad bug, security-related, critical severity. Could you
> > please report it?
>
> Sorry about the delay. I can't see quite how the exploit would
> work, even as a "grave" user-versus-user attack, but it smells
> vaguely of buffer-overflow risk as well as being a violation of
> policy 10.9 and generally bad behaviour.

Thanks for reporting. I pinged upstream pointing him at the report, I hope he gets back to me quickly.

It can surely be used to fill up disk space in a DoS attack. I don't know anything about OCaml's serialisation methods so I can't say if this could be exploited to cause a buffer overflow.

In the meantime, the problem seems to be in io.ml, line 65:

    Unix.chmod tmp 0o666;

I've asked upstream if he can see any problems in just removing that line.

Ciao,

Enrico

-- 
GPG key: 1024D/797EBFAB 2000-12-05 Enrico Zini <[EMAIL PROTECTED]>