[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: sharutils: security issue
|
From: |
Bruce Korb |
|
Subject: |
Re: sharutils: security issue |
|
Date: |
Wed, 17 May 2006 22:03:36 -0700 |
|
User-agent: |
Mozilla Thunderbird 1.0.7 (X11/20050923) |
Santiago Vila wrote:
On Wed, 17 May 2006, Pavel Roskin wrote:
"If an attacker can convince a user to invoke uudecode on a malicious
file without reviewing the included file name, the attacker can cause
the user to overwrite any file accessible by the user."
Hmm, this is similar to http://bugs.debian.org/149454.
Isn't this a feature more than a bug?
Hi Pavel, Santiago, Paul, and others,
Having read that thread and the bug report at xatrix.org, I am now
inclined to think several things:
1. (A long held belief) uudecode is hard to make completely secure.
2. It isn't used very much. MIME encoding is embedded in mail programs
nowadays. ftp et al. send binary data and zip, gzip, bzip2 et al.
are far more efficient for data transmission. Repositories handle
binary files now, too.
3. Changing behavior is a destabilizing thing to do.
4. The universe of interest consists of those people who still receive
uuencoded files from untrusted sources with full path names and
they uudecode them without taking prudent precautions.
I will take a patch that addresses the rarified problem, but forgive me
if I am not super excited over its importance. Any such patch should:
* Not change current behavior without a command line option
* squawk or abort if a new option is provided and any of several
conditions are met (pre-existing file, full path output file name,
output is a pipe or some other non-regular file, and even the program
does or does not have a controlling terminal accessible via /dev/tty
-- stdin is often lost to input files via freopen()).
Thank you all for your input.
Regards, Bruce