Hello,
I am afraid that my first message wasn't clear. Not from first look at
least. Sorry about that. Let me elaborate, I think it is probably a
security bug. makesocketpath() checks !S_ISDIR(sb.st_mode); when true it
returns with error. But then it checks !S_ISDIR(sb.st_mode) in second
time and it is definitely false at this point:
if (sb.st_uid != uid || (!S_ISDIR(sb.st_mode) &&
sb.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
errno = EACCES;
return (NULL);
}
Being false it effectively disables the permission check. Hence, for
example, world-writable directory will pass.
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
tmux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tmux-users
