On Sun, 20 Jul 2008 20:42:21 +1000, Ben Schmidt
[EMAIL PROTECTED] wrote:
Matthew Winn wrote:
On Sun, 20 Jul 2008 00:44:48 +1000, Ben Schmidt
[EMAIL PROTECTED] wrote:
As has been pointed out, making a directory in /tmp is more secure. More
specifically, making a directory and putting
Matthew Winn wrote:
I'm pretty sure you can only delete in-use directories with a call to
unlink() at the system level. Both rm and rmdir are careful to leave
the filesystem in a sensible state, but unlink() seems to assume that
if you know
On 2008-07-20, Matthew Winn [EMAIL PROTECTED] wrote:
On Sun, 20 Jul 2008 00:44:48 +1000, Ben Schmidt
[EMAIL PROTECTED] wrote:
One regular annoyance I have is that my system periodically cleans up
/tmp and removes Vim's temp directories, and since a long-running Vim
process created the
On Sun, 20 Jul 2008 00:44:48 +1000, Ben Schmidt
[EMAIL PROTECTED] wrote:
As has been pointed out, making a directory in /tmp is more secure. More
specifically, making a directory and putting a file in it (there is a
race condition there, of course...but checking/setting the mode can
ensure
Matthew Winn wrote:
On Sun, 20 Jul 2008 00:44:48 +1000, Ben Schmidt
[EMAIL PROTECTED] wrote:
As has been pointed out, making a directory in /tmp is more secure. More
specifically, making a directory and putting a file in it (there is a
race condition there, of course...but checking/setting
On Sun, Jul 20, 2008 at 16:01, Bram Moolenaar [EMAIL PROTECTED] wrote:
Jan Minar wrote:
The configure can just use a fixed file name in the current directory.
Anyway, I have adapted some code from src/auto/configure that will
work on systems without mktemp(1) -- patch attached.
There
Jan Minar wrote:
On Fri, Jul 18, 2008 at 3:45 PM, Ben Schmidt
[EMAIL PROTECTED] wrote:
Jan Minář wrote:
mktemp(1) creates the file securely, with 0600 permissions. That's the
whole point. There is no race condition. That's the whole point.
Presuming the directory it's in is sticky
On Sun, Jul 20, 2008 at 3:01 PM, Bram Moolenaar [EMAIL PROTECTED] wrote:
Jan Minar wrote:
Anyway, I have adapted some code from src/auto/configure that will
work on systems without mktemp(1) -- patch attached.
There probably is a small security hole in this as well. A targeted
symlink
Jan Minář wrote:
On Fri, Jul 18, 2008 at 3:45 PM, Ben Schmidt
[EMAIL PROTECTED] wrote:
Jan Minář wrote:
mktemp(1) creates the file securely, with 0600 permissions. That's the
whole point. There is no race condition. That's the whole point.
Presuming the directory it's in is sticky or such
On Fri, Jul 18, 2008 at 00:54, Jan Minář [EMAIL PROTECTED] wrote:
The attacker has to create the temporary file
``/tmp/Makefile-confPID'' before it is first written to at (1). In
the time between (1) and (2), arbitrary commands can be written to the
file. They will be executed at (2).
Jan Minar wrote:
1. Summary
Product : Vim -- Vi IMproved
Versions : 5.0--current, possibly older; 4.6 and 3.0 not vulnerable
Impact : Arbitrary code execution
Wherefrom: Local
Original : http://www.rdancer.org/vulnerablevim-configure.in.html
On Fri, Jul 18, 2008 at 11:46, Bram Moolenaar [EMAIL PROTECTED] wrote:
Unfortunately the patch breaks configure for me:
86: checking Python's configuration directory...
/usr/local/lib/python2.5/config
87: usage: mktemp [-d] [-q] [-t prefix] [-u] template ...
88:
Nikolai Weibull wrote:
On Fri, Jul 18, 2008 at 00:54, Jan Minář [EMAIL PROTECTED] wrote:
The attacker has to create the temporary file
``/tmp/Makefile-confPID'' before it is first written to at (1). In
the time between (1) and (2), arbitrary commands can be written to the
file.
1. Summary
Product : Vim -- Vi IMproved
Versions : 5.0--current, possibly older; 4.6 and 3.0 not vulnerable
Impact : Arbitrary code execution
Wherefrom: Local
Original : http://www.rdancer.org/vulnerablevim-configure.in.html
http://www.rdancer.org/vulnerablevim-configure.in.patch
14 matches