Bug#489988: projectl: Creates file in current working directory
Hi,

On Thu, 2008-07-10 at 10:19:55 +, Miriam Ruiz wrote:
> I'll try to fix it as soon as I can.

I guess it would be really nice if you could follow the XDG base dir
spec while you are at it.

thanks,
guillem

Bug#489988: projectl: Creates file in current working directory
I'll try to fix it as soon as I can.

Thanks,
Miry

Bug#489988: projectl: Creates file in current working directory
Hi Guillem,

* Guillem Jover [EMAIL PROTECTED] [2008-07-09 09:19]:
> This game creates the file projectL.prf on the current working dir
> every time it's run. It should probably create it under a dot dir on
> the home dir. Setting as important as this might be a security problem
> (it might even well be RC).

The code that does this seems to be the following from
br/prefmanager.d:

    public void save(){
      auto File fd = new File;
      fd.create(PREF_FILE);
      fd.write(VERSION_NUM);
      _prefData.save(fd);
      fd.close();
    }
    public PrefData prefData() {
      return _prefData;
    }

Does anyone know if this would follow symlinks and thus open a symlink
attack here? I have no idea of the D programming language.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Bug#489988: projectl: Creates file in current working directory
Hi,

* Nico Golde [EMAIL PROTECTED] [2008-07-09 13:37]:
> * Guillem Jover [EMAIL PROTECTED] [2008-07-09 09:19]:
> > This game creates the file projectL.prf on the current working dir
> > every time it's run. It should probably create it under a dot dir on
> > the home dir. Setting as important as this might be a security
> > problem (it might even well be RC).
>
> The code that does this seems to be the following from
> br/prefmanager.d:
>
>     public void save(){
>       auto File fd = new File;
>       fd.create(PREF_FILE);
>       fd.write(VERSION_NUM);
>       _prefData.save(fd);
>       fd.close();
>     }
>     public PrefData prefData() {
>       return _prefData;
>     }
>
> Does anyone know if this would follow symlinks and thus open a symlink
> attack here? I have no idea of the D programming language.

Or can you send an strace of the process to the bug report?

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Bug#489988: projectl: Creates file in current working directory
On Wed, 2008-07-09 at 13:16:04 +0200, Nico Golde wrote:
> Hi Guillem,
> * Guillem Jover [EMAIL PROTECTED] [2008-07-09 09:19]:
> > This game creates the file projectL.prf on the current working dir
> > every time it's run. It should probably create it under a dot dir on
> > the home dir. Setting as important as this might be a security
> > problem (it might even well be RC).
>
> The code that does this seems to be the following from
> br/prefmanager.d:
>
>     public void save(){
>       auto File fd = new File;
>       fd.create(PREF_FILE);
>       fd.write(VERSION_NUM);
>       _prefData.save(fd);
>       fd.close();
>     }
>     public PrefData prefData() {
>       return _prefData;
>     }
>
> Does anyone know if this would follow symlinks and thus open a symlink
> attack here? I have no idea of the D programming language.

I tested this yesterday and it does follow symlinks.

regards,
guillem

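Added example, not part of the thread and not projectl's own code: a Python sketch of the two points raised here, a save that follows a pre-existing symlink versus one that writes a fresh temporary file under an XDG config directory and renames it into place. The function names, the `projectl` subdirectory and the temporary-directory scenario are assumptions constructed for illustration.

```python
import os
import tempfile

PREF_NAME = "projectL.prf"  # file name from the bug report

def pref_dir(env=os.environ):
    """XDG base dir spec: $XDG_CONFIG_HOME if absolute, else ~/.config."""
    base = env.get("XDG_CONFIG_HOME", "")
    if not os.path.isabs(base):  # unset, empty or relative: use the default
        base = os.path.join(os.path.expanduser("~"), ".config")
    return os.path.join(base, "projectl")  # subdirectory name is an assumption

def save_as_reported(directory, data):
    """Create/truncate by name, following symlinks, as the thread reports."""
    with open(os.path.join(directory, PREF_NAME), "wb") as f:
        f.write(data)

def save_hardened(directory, data):
    """Write a fresh O_EXCL temp file (mode 0600), then rename it into place."""
    os.makedirs(directory, mode=0o700, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".prf-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        # rename(2) replaces a symlink at the target; it never writes through it
        os.replace(tmp, os.path.join(directory, PREF_NAME))
    except BaseException:
        os.unlink(tmp)
        raise

def demo():
    """Constructed scenario: projectL.prf pre-exists as a symlink to another file."""
    results = {}
    for label, save in (("reported", save_as_reported), ("hardened", save_hardened)):
        with tempfile.TemporaryDirectory() as root:
            workdir = os.path.join(root, "cwd")
            os.mkdir(workdir)
            other = os.path.join(root, "other_file")
            with open(other, "wb") as f:
                f.write(b"unrelated contents")
            os.symlink(other, os.path.join(workdir, PREF_NAME))
            save(workdir, b"prefs v1")
            with open(other, "rb") as f:
                results[label] = f.read()
            results[label + "_is_link"] = os.path.islink(os.path.join(workdir, PREF_NAME))
    return results

if __name__ == "__main__":
    print(pref_dir(), demo())
```

With the reported behaviour the file behind the symlink ends up holding the preferences data; with the hardened save it is untouched and projectL.prf becomes a regular file.
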
Bug#489988: projectl: Creates file in current working directory
Hi Guillem,

* Guillem Jover [EMAIL PROTECTED] [2008-07-09 16:36]:
> On Wed, 2008-07-09 at 13:16:04 +0200, Nico Golde wrote:
> > * Guillem Jover [EMAIL PROTECTED] [2008-07-09 09:19]:
> > > This game creates the file projectL.prf on the current working dir
> > > every time it's run. It should probably create it under a dot dir
> > > on the home dir. Setting as important as this might be a security
> > > problem (it might even well be RC).
> >
> > The code that does this seems to be the following from
> > br/prefmanager.d:
> >
> >     public void save(){
> >       auto File fd = new File;
> >       fd.create(PREF_FILE);
> >       fd.write(VERSION_NUM);
> >       _prefData.save(fd);
> >       fd.close();
> >     }
> >     public PrefData prefData() {
> >       return _prefData;
> >     }
> >
> > Does anyone know if this would follow symlinks and thus open a
> > symlink attack here? I have no idea of the D programming language.
>
> I tested this yesterday and it does follow symlinks.

I had a brief look at the rest of the code, can you confirm that this
happens when quitting the game?

Added this to the security tracker and I'll request a CVE id for it.
Thanks for the heads up!

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Bug#489988: projectl: Creates file in current working directory
Package: projectl
Version: 1.001.dfsg1-1
Severity: important
Tags: security

Hi,

This game creates the file projectL.prf on the current working dir
every time it's run. It should probably create it under a dot dir on
the home dir. Setting as important as this might be a security problem
(it might even well be RC).

regards,
guillem