[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#12947: address@hidden: Bug#598018: install: temporary insecure file
|
From: |
Eric Blake |
|
Subject: |
bug#12947: address@hidden: Bug#598018: install: temporary insecure file permissions] |
|
Date: |
Tue, 20 Nov 2012 14:41:52 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121029 Thunderbird/16.0.2 |
On 11/20/2012 02:20 PM, Paul Eggert wrote:
> Thanks, I installed this patch into the coreutils master branch,
> and I'm marking the upstream coreutils bug as done.
>
>>From 7ee71d9ddad1435bbea00779bcd4c62482ea3473 Mon Sep 17 00:00:00 2001
> From: Paul Eggert <address@hidden>
> Date: Tue, 20 Nov 2012 13:15:34 -0800
> Subject: [PATCH] install: fix security race
>
> * src/copy.c (copy_internal): Use DST_MODE_BITS, not SRC_MODE.
> See Bernhard R. Link in <http://bugs.gnu.org/12947> and in
> <http://bugs.debian.org/598018>.
> ---
> src/copy.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
This also needs a NEWS entry. I'm not sure how easy or hard it would be
to write a test case, though.
--
Eric Blake address@hidden +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature