Re: [LinuxBIOS] PATCH: mkdirp() error on new directory outside given parent

12 Jul 2007


      On Thu, Jul 12, 2007 at 05:33:57PM +0200, Peter Stuge wrote:
...
On Thu, Jul 12, 2007 at 02:49:36PM +0200, Stefan Reinauer wrote:
...

Peter Stuge peter@stuge.se [070712 09:50]:

...
Have a look.
I think the better way would be to check the paths for ../ and skip
those with a warning.
Then there are the symlinks. :\
Yeah, this stuff is horribly hard to get right. Security issues like
these are found even in really mature and stable software (coreutils,
tar, etc.) again and again...
Uwe.
-- 
http://www.hermann-uwe.de  | http://www.holsham-traders.de
http://www.crazy-hacks.org | http://www.unmaintained-free-software.org

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [LinuxBIOS] PATCH: mkdirp() error on new directory outside given parent