|
|
BugTraq
Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Jul 17 2008 10:54PM Jan MinĂ¡Å? (rdancer rdancer org) (2 replies) Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Jul 25 2008 01:17AM Robert Buchholz (rbu gentoo org) (1 replies) Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Jul 25 2008 02:16AM Jan MináÅ? (rdancer rdancer org) (2 replies) Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Jul 25 2008 03:57PM Steven M. Christey (coley linus mitre org) (1 replies) Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Jul 25 2008 10:18AM Robert Buchholz (rbu gentoo org) Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution Jul 18 2008 07:38AM Nikolai Weibull (now bitwi se) |
|
Privacy Statement |
<coley (at) linus.mitre (dot) org [email concealed]> wrote:
>
> On Fri, 25 Jul 2008, [UTF-8] Jan Miná�^Y wrote:
>
>> > The commands do not have to be written there between (1) and (2), they
>> > can be in the file long before the ./configure was started -- just
>> > because the script does care whether it can write to the file at all.
>> > So unlike stated in the advisory, and in CVE-2008-3294, the issue does
>> > not involve a race condition if the attacker would choose to create a
>> > 644 file.
>>
>> The file gets truncated in (1). You're wrong, the advisory is right.
>
> Maybe the point here is that if the attacker owns the file and sets 644
> permissions, then the truncation won't happen since ./configure won't have
> the permissions to modify the file.
I stand corrected. I have updated the advisory. Thanks, Robert.
Thanks to Steven for rephrasing.
Jan.
[ reply ]