bug-textutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

textutils (Re: Owl packages with dangerous "tmp" functions)


From: Solar Designer
Subject: textutils (Re: Owl packages with dangerous "tmp" functions)
Date: Sat, 6 Jan 2001 21:03:01 +0300
User-agent: Mutt/1.2.5i

> textutils only has a DoS in tac, trivial to fix (will do unless
> someone posts a patch earlier).

The attached patch against textutils-2.0.11 avoids the DoS attacks on
tac and sort.

I am using mkstemp(3), which is not available on all of the supported
platforms.  A configure check and a portable mkstemp substitute (such
as one found in libiberty included with binutils and gcc) should be
added when fixing this in the official textutils.  This patch, in its
current form, is for use in security updates the Linux distribution
vendors are planning.

-- 
/sd

Attachment: textutils-2.0.11-owl-tmp.diff
Description: Text document


reply via email to

[Prev in Thread] Current Thread [Next in Thread]