[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug#149454: uudecode bug (?)
|
From: |
Santiago Vila |
|
Subject: |
Re: Bug#149454: uudecode bug (?) |
|
Date: |
Mon, 10 Jun 2002 15:14:32 +0200 (CEST) |
On Mon, 10 Jun 2002, martin f krafft wrote:
> also sprach Santiago Vila <address@hidden> [2002.06.10.1341 +0200]:
> > http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-037
> >
> > Well, this is Unix, and the user is supposed to know what he/she is doing.
> > Not checking for a symlink or a pipe does not make uudecode more
> > dangerous than it is *already*. A uuencoded .profile is already
> > dangerous enough, for example.
>
> i fully agree with you. nevertheless, we're also dealing with a race
> condition here. there are millions of cycles between me `ls` checking
> for a file that already exists, and uudecode actually fopen()ing the
> file for 'w' mode. if a file exists and it's overwritten, then no
> biggie, but a symlink or pipe do not really represent anything to be
> overwritten and are thus dangerous, i find.
It does if you set it up that way. Think of a symlink of the form
foo -> foo.`date +%Y%m%d` for example. This is a *completely* legitimate
use of a symlink, and we should not break it just for fun.
I repeat: It's the uudecode command that is "dangerous", as well as
"cp", "rm" or just redirection, not the usage of symlinks or pipes.
I'm sorry, but this bug will remain wishlist until I hear from the authors.
Thanks.