[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nano-devel] [PATCH v3] pull in the futimens module from gnulib
From: |
Benno Schulenberg |
Subject: |
Re: [Nano-devel] [PATCH v3] pull in the futimens module from gnulib |
Date: |
Tue, 04 Apr 2017 12:19:30 +0200 |
On Tue, Apr 4, 2017, at 09:29, Kamil Dudka wrote:
> ... and use futimens() instead of utime() to prevent a symlink attack
> while creating a backup file. Otherwise, a non-privileged user could
> create an arbitrary symlink with name of the backup file and this way
> fool a privileged user to call utime() on the attacker-chosen file.
> ---
> autogen.sh | 1 +
> src/files.c | 24 ++++++++++++++----------
> src/proto.h | 2 +-
> 3 files changed, 16 insertions(+), 11 deletions(-)
Thanks. Pushed, 70bcf752, with a modified commit message.
Benno
--
http://www.fastmail.com - Choose from over 50 domains or use your own