On Fri, Nov 17, 2000 at 03:26:04PM +0100, Josip Rodin wrote:
> On Thu, Nov 16, 2000 at 11:21:15PM -0800, Joey Hess wrote:
> > Package: joe
> > Version: 2.8
> > Severity: important
> >
> > FILE *f=fopen("DEADJOE","a");
> >
> > Looks vulnerable indeed. Amusingly Debian has already patched right
> > above this line to not make the DEADJOE file mode 755, to prevent
> > sensitive data (/etc/shadow) leakage. We were so close..
>
> The fix would be to use open(2) and set the O_EXCL flag so it bails out?

A fix, but it breaks the intended behaviour ("a" for append IIRC). Putting DEADJOE in $HOME might be a nicer solution?

Unfortunately most editors are vulnerable to problems like this (indeed, most are far more serious than this). I submitted patches for similar problems in vim to the upstream just a few weeks ago, for instance; jed also had similar problems (bug #51213). And those are just the ones I've used...

-- 
Colin Phipps http://www.netcraft.com/
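An added example, not code from joe or from the Debian patch: one way to keep the append behaviour discussed in the thread while refusing a planted symlink, by using open(2) with O_NOFOLLOW instead of O_EXCL and then checking the opened descriptor with fstat(2). The names `open_recovery_file` and `run_demo`, the scratch directory and the "victim" file are assumptions made for illustration; O_NOFOLLOW requires a POSIX.1-2008 system.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a crash-recovery file for appending, refusing
 * symlinks and files planted by someone else. Returns NULL on refusal. */
FILE *open_recovery_file(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: fail if the last path component is a symlink.
     * O_APPEND keeps the "a" behaviour; 0600 keeps a new file private. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return NULL;
    /* Inspect the object actually opened, not the name, so nothing can be
     * swapped between check and use. Reject non-regular files, files owned
     * by another user, and hard links to a file elsewhere. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return NULL;
    }
    FILE *f = fdopen(fd, "a");
    if (f == NULL) close(fd);
    return f;
}

/* Constructed scenario: DEADJOE is a symlink to an empty "victim" file in a
 * scratch directory. Returns 0 if the symlink is refused, the victim stays
 * empty, and a plain DEADJOE can still be created and appended to. */
int run_demo(void)
{
    char dir[] = "/tmp/deadjoe-demo-XXXXXX";
    struct stat st;
    if (mkdtemp(dir) == NULL || chdir(dir) != 0) return -1;
    FILE *v = fopen("victim", "w");
    if (v == NULL || fclose(v) != 0 || symlink("victim", "DEADJOE") != 0)
        return -1;
    if (open_recovery_file("DEADJOE") != NULL) return 1; /* followed link */
    if (stat("victim", &st) != 0 || st.st_size != 0) return 2;
    unlink("DEADJOE");
    FILE *f = open_recovery_file("DEADJOE");
    if (f == NULL) return 3;
    fputs("*** constructed recovery text\n", f);
    return fclose(f) == 0 ? 0 : 4;
}

int main(void) { return run_demo(); }
```

The checks only cover the final path component; a directory earlier in the path that another user can write to still needs the file moved somewhere private, as the reply suggests with $HOME.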