Fix for Issue #409
Hal Murray
hmurray at megapathdsl.net
Tue Dec 19 11:55:35 UTC 2017
> That's not a fix, that's creating a latent security problem with clobbering
> a file name that's known in advance so you can plant things under that name
> and have it overwrite a different file that you normally wouldn't be able to
> access.
I'm not following what you are trying to describe.
If a bad guy can set things up so the write to a file does something nasty,
can't they just do the nasty stuff directly?
Changing the mode would work. But then we have to decide what mode to use.
--
These are my opinions. I hate spam.
More information about the devel
mailing list