Fix for Issue #409
hmurray at megapathdsl.net
Tue Dec 19 11:55:35 UTC 2017
> That's not a fix, that's creating a latent security problem with clobbering
> a file name that's known in advance so you can plant things under that name
> and have it overwrite a different file that you normally wouldn't be able to
I'm not following what you are trying to describe.
If a bad guy can set things up so the write to a file does something nasty,
can't they just do the nasty stuff directly?
Changing the mode would work. But then we have to decide what mode to use.
These are my opinions. I hate spam.
More information about the devel