|
From: | Richard Frith-Macdonald |
Subject: | Re: GNUstep introduces a serious security problem |
Date: | Wed, 18 Mar 2009 07:06:20 +0000 |
On 17 Mar 2009, at 23:31, Tim Kack wrote:
Hi Igor,I opened bug #25904 for this, please add the findings to that if needed.I will check more on this tomorrow.Note, this is not a security issue - it is only the owner that can touch the file, but it can lead to overwriting data that you didn't want to have overwritten. A nuisance of course. GNUstep is not using anything that can override the operating systems permissions checks, it is all built upon standard base libraries (glibc etc).
It turns out that there is no issue/bug here. The example/test code was asking to replace an existing file, and the library was doing that. On Unix-style systems, if you want to protect a file so that it cannot be replaced, you have to change the permissions of the directory containing the file, not those of the file itsself.
[Prev in Thread] | Current Thread | [Next in Thread] |