21 Jul 20:09
Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution
From: Matthew Winn <vim <at> mwinn.powernet.co.uk>
Subject: Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution
Newsgroups: gmane.editors.vim.devel
Date: 2008-07-21 18:09:19 GMT
On Sun, 20 Jul 2008 20:42:21 +1000, Ben Schmidt <mail_ben_schmidt <at> yahoo.com.au> wrote:
> Matthew Winn wrote:
> > On Sun, 20 Jul 2008 00:44:48 +1000, Ben Schmidt
> > <mail_ben_schmidt <at> yahoo.com.au> wrote:
> >
> >> As has been pointed out, making a directory in /tmp is more secure. More
> >> specifically, making a directory and putting a file in it (there is a
> >> race condition there, of course...but checking/setting the mode can
> >> ensure security, I think). The directory can't be deleted and replaced
> >> unless empty, and can't be emptied if not writable.
> >
> > On Unix directories can be deleted when not empty. I've done it by
> > accident.
>
> Mmm. I think I have too, now you mention it. But I think I perhaps
> thought that they could be moved but not fully deleted. Of course, it
> depends on the filesystem as well as the OS.

I'm pretty sure you can only delete in-use directories with a call to
unlink() at the system level. Both rm and rmdir are careful to leave
the filesystem in a sensible state, but unlink() seems to assume that
if you know enough to use a C compiler you know enough to deal with
the consequences of unlinking a directory from the tree.

--
Matthew Winn
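The directory-then-file approach discussed in this thread, sketched in C as an added example that is not part of the original message or of Vim's build. It assumes a POSIX.1-2008 system (mkdtemp, openat); the function name, the `/tmp/scratch-` prefix and `probe.c` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a private directory under /tmp and one file inside it.
 * Returns an fd for the new file and copies the directory path into
 * dir_out; returns -1 on any failure. */
int make_private_tmpfile(char *dir_out, size_t dir_len, const char *name)
{
    char tmpl[] = "/tmp/scratch-XXXXXX";      /* hypothetical prefix */
    struct stat st;
    int dfd, fd;

    if (dir_len < sizeof tmpl || strchr(name, '/') != NULL)
        return -1;                            /* name must be a plain file name */
    if (mkdtemp(tmpl) == NULL)                /* atomic create, owner-only mode */
        return -1;

    /* Pin the directory with a descriptor so later steps act on this
     * inode even if the path is replaced afterwards; refuse symlinks. */
    dfd = open(tmpl, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) { rmdir(tmpl); return -1; }

    /* The mode check from the thread: ours, and closed to group/other. */
    if (fstat(dfd, &st) != 0 || st.st_uid != geteuid() ||
        (st.st_mode & 077) != 0) {
        close(dfd); rmdir(tmpl); return -1;
    }

    /* O_EXCL fails if the name already exists, including as a symlink. */
    fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    close(dfd);
    if (fd < 0) { rmdir(tmpl); return -1; }
    memcpy(dir_out, tmpl, sizeof tmpl);
    return fd;
}

int main(void)
{
    char dir[64], path[96];
    int fd = make_private_tmpfile(dir, sizeof dir, "probe.c");
    if (fd < 0) { perror("make_private_tmpfile"); return 1; }
    printf("created %s/probe.c\n", dir);
    close(fd);
    snprintf(path, sizeof path, "%s/probe.c", dir);
    unlink(path);
    rmdir(dir);
    return 0;
}
```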