kopia lustrzana https://gitlab.com/sane-project/website
123 wiersze
5.0 KiB
HTML
123 wiersze
5.0 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
|
|
"http://www.w3.org/TR/REC-html40/loose.dtd">
|
|
<HTML>
|
|
<HEAD>
|
|
<TITLE>sane-devel: Re: xsane: tempfile handled insecurely</TITLE>
|
|
<META NAME="Author" CONTENT="Oliver Rauch (oliver.rauch@Wolfsburg.DE)">
|
|
<META NAME="Subject" CONTENT="Re: xsane: tempfile handled insecurely">
|
|
</HEAD>
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
|
|
<H1>Re: xsane: tempfile handled insecurely</H1>
|
|
<!-- received="Sun Feb 27 23:14:16 2000" -->
|
|
<!-- isoreceived="20000228071416" -->
|
|
<!-- sent="Mon, 28 Feb 2000 08:20:59 +0100" -->
|
|
<!-- isosent="20000228072059" -->
|
|
<!-- name="Oliver Rauch" -->
|
|
<!-- email="oliver.rauch@Wolfsburg.DE" -->
|
|
<!-- subject="Re: xsane: tempfile handled insecurely" -->
|
|
<!-- id="38BA21DB.F4430A55@wolfsburg.de" -->
|
|
<!-- inreplyto="l4ya865h0s.fsf@laminaria.rahul.net" -->
|
|
<STRONG>From:</STRONG> Oliver Rauch (<A HREF="mailto:oliver.rauch@Wolfsburg.DE?Subject=Re:%20xsane:%20tempfile%20handled%20insecurely&In-Reply-To=<38BA21DB.F4430A55@wolfsburg.de>"><EM>oliver.rauch@Wolfsburg.DE</EM></A>)<BR>
|
|
<STRONG>Date:</STRONG> Sun Feb 27 2000 - 23:20:59 PST
|
|
<P>
|
|
<!-- next="start" -->
|
|
<LI><STRONG>Next message:</STRONG> <A HREF="0382.html">Lars Burgstahler: "Epson GT-7000 + TPU works fine now but ..."</A>
|
|
<UL>
|
|
<LI><STRONG>Previous message:</STRONG> <A HREF="0380.html">Kevin Dalley: "xsane: tempfile handled insecurely"</A>
|
|
<LI><STRONG>In reply to:</STRONG> <A HREF="0380.html">Kevin Dalley: "xsane: tempfile handled insecurely"</A>
|
|
<!-- nextthread="start" -->
|
|
<LI><STRONG>Next in thread:</STRONG> <A HREF="0388.html">Oliver Rauch: "Re: xsane: tempfile handled insecurely"</A>
|
|
<!-- reply="end" -->
|
|
<LI><STRONG>Messages sorted by:</STRONG>
|
|
<A HREF="date.html#381">[ date ]</A>
|
|
<A HREF="index.html#381">[ thread ]</A>
|
|
<A HREF="subject.html#381">[ subject ]</A>
|
|
<A HREF="author.html#381">[ author ]</A>
|
|
</UL>
|
|
<HR NOSHADE><P>
|
|
<!-- body="start" -->
|
|
<P>
|
|
Kevin Dalley wrote:
|
|
<BR>
|
|
<P><EM>> This problem was reported by a Debian user with xsane-0.49.
|
|
</EM><BR>
|
|
<EM>>
|
|
</EM><BR>
|
|
<EM>> With this version of xsane it is possible to let a user overwrite his
|
|
</EM><BR>
|
|
<EM>> own files. Take for example user A with UID 1000 and user B who wants
|
|
</EM><BR>
|
|
<EM>> to overwrite a file of A. In this case B creates a symlink
|
|
</EM><BR>
|
|
<EM>> /tmp/preview-level-0-1000-mustek:_dev_sg1.ppm (1000 is the UID of user
|
|
</EM><BR>
|
|
<EM>> A, mustek:_dev_sg1.ppm is the specification of the scanner) to some
|
|
</EM><BR>
|
|
<EM>> file owned by user A, which B wants to be overwritten. If user A uses
|
|
</EM><BR>
|
|
<EM>> xsane in combination with the preview window the next time, it will
|
|
</EM><BR>
|
|
<EM>> overwrite the file, where the symlink points to, without asking
|
|
</EM><BR>
|
|
<EM>> before.
|
|
</EM><BR>
|
|
<EM>>
|
|
</EM><BR>
|
|
<EM>> IMHO xsane should check whether the preview file in /tmp is a real
|
|
</EM><BR>
|
|
<EM>> file and whether it is owned by the user who runs xsane. Otherwise
|
|
</EM><BR>
|
|
<EM>> this is a security hole.
|
|
</EM><BR>
|
|
<EM>>
|
|
</EM><BR>
|
|
<EM>>
|
|
</EM><BR>
|
|
<P>Hi Kevin,
|
|
<BR>
|
|
<P>thanks for that info,
|
|
<BR>
|
|
<P>I will think about a good solution.
|
|
<BR>
|
|
<P>Bye
|
|
<BR>
|
|
Oliver
|
|
<BR>
|
|
<P><P><PRE>
|
|
--
|
|
Homepage: <A HREF="http://www.wolfsburg.de/~rauch">http://www.wolfsburg.de/~rauch</A>
|
|
sane-umax: <A HREF="http://www.wolfsburg.de/~rauch/sane/sane-umax.html">http://www.wolfsburg.de/~rauch/sane/sane-umax.html</A>
|
|
xsane: <A HREF="http://www.wolfsburg.de/~rauch/sane/sane-xsane.html">http://www.wolfsburg.de/~rauch/sane/sane-xsane.html</A>
|
|
E-Mail: mailto:<A HREF="mailto:Oliver.Rauch@Wolfsburg.DE?Subject=Re:%20xsane:%20tempfile%20handled%20insecurely&In-Reply-To=<38BA21DB.F4430A55@wolfsburg.de>">Oliver.Rauch@Wolfsburg.DE</A>
|
|
<P><P><P><P>--
|
|
Source code, list archive, and docs: <A HREF="http://www.mostang.com/sane/">http://www.mostang.com/sane/</A>
|
|
To unsubscribe: echo unsubscribe sane-devel | mail <A HREF="mailto:majordomo@mostang.com?Subject=Re:%20xsane:%20tempfile%20handled%20insecurely&In-Reply-To=<38BA21DB.F4430A55@wolfsburg.de>">majordomo@mostang.com</A>
|
|
</PRE>
|
|
<P><!-- body="end" -->
|
|
<HR NOSHADE>
|
|
<UL>
|
|
<!-- next="start" -->
|
|
<LI><STRONG>Next message:</STRONG> <A HREF="0382.html">Lars Burgstahler: "Epson GT-7000 + TPU works fine now but ..."</A>
|
|
<LI><STRONG>Previous message:</STRONG> <A HREF="0380.html">Kevin Dalley: "xsane: tempfile handled insecurely"</A>
|
|
<LI><STRONG>In reply to:</STRONG> <A HREF="0380.html">Kevin Dalley: "xsane: tempfile handled insecurely"</A>
|
|
<!-- nextthread="start" -->
|
|
<LI><STRONG>Next in thread:</STRONG> <A HREF="0388.html">Oliver Rauch: "Re: xsane: tempfile handled insecurely"</A>
|
|
<!-- reply="end" -->
|
|
<LI><STRONG>Messages sorted by:</STRONG>
|
|
<A HREF="date.html#381">[ date ]</A>
|
|
<A HREF="index.html#381">[ thread ]</A>
|
|
<A HREF="subject.html#381">[ subject ]</A>
|
|
<A HREF="author.html#381">[ author ]</A>
|
|
</UL>
|
|
<!-- trailer="footer" -->
|
|
<HR NOSHADE>
|
|
<P>
|
|
<SMALL>
|
|
<EM>
|
|
This archive was generated by <A HREF="http://www.hypermail.org/">hypermail 2b29</A>
|
|
: <EM>Sun Feb 27 2000 - 23:15:08 PST</EM>
|
|
</EM>
|
|
</SMALL>
|
|
</BODY>
|
|
</HTML>
|