Hi all,
As the packager of Lazarus in Fedora, I get notifications if someone
files a bug in Fedora's bug-tracker.
Now someone added a bug-report with a security issue:
https://bugzilla.redhat.com/show_bug.cgi?id=460642
And indeed, if someone add a symlink like 'ln -s /tmp/fpc_patchdir /etc'
Joost van der Sluis schreef:
Hi all,
As the packager of Lazarus in Fedora, I get notifications if someone
files a bug in Fedora's bug-tracker.
Now someone added a bug-report with a security issue:
https://bugzilla.redhat.com/show_bug.cgi?id=460642
And indeed, if someone add a symlink
You should create a temporary name or check and see where the symlink
follows before executing/removing it. So if it does not point for the
right direction, you just exit with an error.
Ido
On Fri, Aug 29, 2008 at 5:53 PM, Vincent Snijders [EMAIL PROTECTED] wrote:
Joost van der Sluis schreef:
Just some ideas on the topic. IMHO the tmp-dir should have a random, or
pseudo-random element to it, and the current script should not (at least
not without asking) delete a tmp-dir.
A random element (such as the PID ) would solve issues if 2 different
users run the script simultaneously (e.g
Op vrijdag 29-08-2008 om 15:53 uur [tijdzone +0200], schreef Mattias
Gaertner:
On Fri, 29 Aug 2008 14:55:00 +0200
Joost van der Sluis [EMAIL PROTECTED] wrote:
Hi all,
As the packager of Lazarus in Fedora, I get notifications if someone
files a bug in Fedora's bug-tracker.
Now
On Fri, 29 Aug 2008 18:31:42 +0200
Joost van der Sluis [EMAIL PROTECTED] wrote:
Op vrijdag 29-08-2008 om 15:53 uur [tijdzone +0200], schreef Mattias
Gaertner:
On Fri, 29 Aug 2008 14:55:00 +0200
Joost van der Sluis [EMAIL PROTECTED] wrote:
Hi all,
As the packager of Lazarus in
