Source: yzis
Source-Version: 1.0~alpha1-1
Severity: serious
Tags: security

Hi,

This source (affecting all frontends) is vulnerable to a symlink attack.
The frontends (I guess the library might be doing this as it's the same
behaviour in all cases) write to «/tmp/yzisdebug-$USER.log».

If we create a symlink pointing to some non-existent file, the frontend
will create it with zero length on startup but segfault immediately. On
the other hand if the symlink points to an existent file the frontends
will just remove the current symlink and create a new file ignoring
the pointed file.

So at least this can be used to create zero length files on behalf of
the user running the program.

The best fix would be to not write that debug log file at all.

regards,
guillem
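
Where a debug log is still wanted, the open can be made to refuse a planted symlink instead of following or replacing it. The following is an added example, not code from the report or from yzis; the function names `open_log_nofollow` and `demo_symlink_refused` and the demo paths are hypothetical, and the scenario is constructed in a private temporary directory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a log file without following a symlink planted at `path`.
 * Returns an fd, or -1 if the path is a symlink or not our own regular file. */
int open_log_nofollow(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;              /* ELOOP when the last component is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);              /* pre-created by someone else, or hard-linked */
        return -1;
    }
    return fd;
}

/* Constructed scenario: a dangling symlink sits where the log would go.
 * Returns 1 if the open was refused and the symlink target was not created. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/logdemo-XXXXXX";
    char link_path[128], target[128];
    struct stat st;
    if (!mkdtemp(dir))
        return 0;
    snprintf(link_path, sizeof link_path, "%s/debug.log", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, link_path) != 0)
        return 0;
    int fd = open_log_nofollow(link_path);
    int refused = (fd < 0 && errno == ELOOP);
    int target_absent = (stat(target, &st) != 0);
    if (fd >= 0) close(fd);
    unlink(link_path);
    /* With the symlink gone, a fresh private file opens normally. */
    fd = open_log_nofollow(link_path);
    int normal_ok = (fd >= 0);
    if (fd >= 0) close(fd);
    unlink(link_path); unlink(target); rmdir(dir);
    return refused && target_absent && normal_ok;
}
```

Placing the log in a directory only the user can write to, rather than directly in /tmp, removes the opportunity to plant the link in the first place.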


