mldonkey-bugs

[Mldonkey-bugs] [Bug #492] Potential security problem - mldonkey creatin


From: nobody
Subject: [Mldonkey-bugs] [Bug #492] Potential security problem - mldonkey creating subdirectories.
Date: Tue, 28 May 2002 20:02:09 -0400

=================== Bug #492: Full Bug Snapshot ===================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=492&group_id=1409

Submitted by: None                      Project: mldonkey, open e-Donkey client 
Submitted on: 2002-May-28 20:02
Category:  None                         Severity:  5 - Major                    
Bug Group:  None                        Resolution:  None                       
Assigned to:  None                      Status:  Open                           

Summary:  Potential security problem - mldonkey creating subdirectories.

Original Submission:  Hi!

I'm not sure if I just found a potential security threat in mlDonkey 1.16. I 
have written another description of the problem to one of the developers 
(including hashes for the file), because I didn't want to post hashes and/or 
filenames.

I just finished some download and committed the files using the "commit" 
command. This was the filename as it was shown in the web-interface:

Downloaded 2 files [ Num ] File Size MD4
[3    ] some-scvd.bin 800000000 SOME_LENGTHY_MD4_CHECKSUM
..

After committing, I looked into the incoming directory, and noticed that 
mldonkey created a subdirectory, containing a single file:


fli4l:/mnt/hda4/incoming/ed2k # tree
.
|-- Some_subdirectory_created_by_mldonkey_after_committing
    `-- somebinfile.bin
1 directory, 1 files


So mldonkey seems to have created a subdirectory named 
"Some_subdirectory_created_by_mldonkey_after_committing", containing a single 
file "somebinfile.bin".

Is this the wanted behaviour? I'm afraid that this could be a potential 
security threat, if the file would have been written to something like 
"/root/i0wnzY0" or something like that..

I'm going to post this mail to the bug tracking forum, too (but without real 
filenames and hashes).




No Followups Have Been Posted


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=492&group_id=1409
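
The concern in the report above is that a file name received from the network is used as a path at commit time. As an added example (not mldonkey's code and not part of the original report, and written in Python rather than mldonkey's own language), this is one way to map such a name to a destination that stays inside the incoming directory; the function name `commit_destination` and the policy of discarding directory components are assumptions of the example.

```python
import os


def commit_destination(incoming_dir: str, peer_name: str) -> str:
    """Map a peer-supplied file name to a path directly inside incoming_dir.

    Policy (an assumption of this example): directory components sent by the
    peer are discarded, so a commit never creates subdirectories.
    """
    # Peers run on any OS, so treat both '/' and '\' as separators.
    leaf = peer_name.replace("\\", "/").split("/")[-1]
    # Drop NUL and other control characters, then surrounding whitespace.
    leaf = "".join(ch for ch in leaf if ch.isprintable()).strip()
    if leaf in ("", ".", ".."):
        raise ValueError(f"unusable file name from peer: {peer_name!r}")

    root = os.path.realpath(incoming_dir)
    dest = os.path.realpath(os.path.join(root, leaf))
    # Defence in depth: after resolving symlinks, the file must sit directly
    # in the incoming directory (catches a pre-existing symlink named `leaf`).
    if os.path.dirname(dest) != root:
        raise ValueError(f"destination escapes incoming dir: {peer_name!r}")
    return dest


if __name__ == "__main__":
    import tempfile

    incoming = tempfile.mkdtemp()
    # Constructed sample names, modelled on the ones quoted in the report.
    samples = [
        "some-scvd.bin",
        "Some_subdirectory/somebinfile.bin",
        "/root/i0wnzY0",
        "dir/..",
    ]
    for name in samples:
        try:
            print(f"{name!r} -> {commit_destination(incoming, name)}")
        except ValueError as exc:
            print(f"{name!r} rejected: {exc}")
```
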


