[Mldonkey-bugs] [Bug #492] Potential security problem - mldonkey creating subdirectories.
Tue, 28 May 2002 20:02:09 -0400
=================== Bug #492: Full Bug Snapshot ===================
Submitted by: None
Project: mldonkey, open e-Donkey client
Submitted on: 2002-May-28 20:02
Category: None
Severity: 5 - Major
Bug Group: None
Resolution: None
Assigned to: None
Status: Open
Summary: Potential security problem - mldonkey creating subdirectories.
Original Submission:
Hi!
I'm not sure if I just found a potential security threat in mlDonkey 1.16. I
have written another description of the problem to one of the developers
(including hashes for the file), because I didn't want to post hashes/and or
I just finished some download and committed the files using the "commit"
command. This was the filename as it was shown in the web-interface:
Downloaded 2 files
[ Num ] File Size MD4
[3 ] some-scvd.bin 800000000 SOME_LENGTHY_MD4_CHECKSUM
After committing, I looked into the incoming directory, and noticed that
mldonkey created a subdirectory, containing a single file:
fli4l:/mnt/hda4/incoming/ed2k # tree
1 directory, 1 files
So mldonkey seems to have created a subdirectory named
"Some_subdirectory_created_by_mldonkey_after_committing", containing a single
Is this the wanted behaviour? I'm afraid that this could be a potential
security threat, if the file had been written to something like
"/root/i0wnzY0" or something like that..
I'm going to post this mail to the bug tracking forum, too (but without real
filenames and hashes).
No Followups Have Been Posted
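The report above describes a peer-supplied file name that selects a directory when the download is committed. The following is an added example, not part of the original report and not mldonkey's code (mldonkey is written in OCaml; Python is used here for illustration): it contrasts joining the name as-is with reducing it to a single leaf name confined to the incoming directory. The function names and the sample names other than those quoted in the report are constructed.

```python
import os
import tempfile


def naive_commit_path(incoming_dir, peer_name):
    # Behaviour like the one reported: the peer-supplied name is joined as-is,
    # so any separator in it selects another directory.
    return os.path.join(incoming_dir, peer_name)


def safe_commit_path(incoming_dir, peer_name):
    """Return a destination for peer_name that is a direct child of incoming_dir."""
    # Treat both separator styles as separators, whatever the local OS is,
    # and keep only the last component.
    leaf = peer_name.replace("\\", "/").split("/")[-1]
    # Drop NUL and other non-printable characters, then surrounding blanks.
    leaf = "".join(c for c in leaf if c.isprintable()).strip()
    if leaf in ("", ".", ".."):
        raise ValueError("unusable file name from peer: %r" % peer_name)
    base = os.path.realpath(incoming_dir)
    dest = os.path.realpath(os.path.join(base, leaf))
    # Defence in depth: after resolving symlinks, the parent must still be base.
    if os.path.dirname(dest) != base:
        raise ValueError("destination escapes incoming directory: %r" % peer_name)
    return dest


if __name__ == "__main__":
    # Constructed sample names; "/root/i0wnzY0" is the one quoted in the report.
    samples = [
        "some-scvd.bin",
        "Some_subdirectory/some-scvd.bin",
        "../../root/i0wnzY0",
        "/root/i0wnzY0",
        "..\\..\\x.bin",
        "a/..",
    ]
    with tempfile.TemporaryDirectory() as incoming:
        for name in samples:
            try:
                result = safe_commit_path(incoming, name)
            except ValueError as exc:
                result = "rejected (%s)" % exc
            print("%-35r naive=%r safe=%r" % (name, naive_commit_path(incoming, name), result))
```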