On Tue Nov 21, 2000 at 08:15:48AM +0100, Alexander Skwar wrote:
> > append its open buffers to the file DEADJOE. This can be exploited by
> > the creation of DEADJOE symlinks in directories where root would
> > normally use joe. In this way, joe could be used to append garbage to
>
> Okay, and how does the update fix this behaviour? Does the new joe not
> create DEADJOE's anymore?
No, what it does is check to see if DEADJOE exists first. If it does,
it removes the file (and/or symlink) and then creates DEADJOE instead
of arbitraily writing to the file without checking.
--
[EMAIL PROTECTED], OpenPGP key available on www.keyserver.net
1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD
- Danen Consulting Services www.danen.net, www.freezer-burn.org
- MandrakeSoft, Inc. www.linux-mandrake.com
Current Linux uptime: 6 days 8 hours 53 minutes.
