kopia lustrzana https://gitlab.com/sane-project/website
116 wiersze
4.2 KiB
HTML
116 wiersze
4.2 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
|
|
"http://www.w3.org/TR/REC-html40/loose.dtd">
|
|
<HTML>
|
|
<HEAD>
|
|
<TITLE>sane-devel: Re: xsane: tempfile handled insecurely</TITLE>
|
|
<META NAME="Author" CONTENT="Ralph Angenendt (ralph@strg-alt-entf.org)">
|
|
<META NAME="Subject" CONTENT="Re: xsane: tempfile handled insecurely">
|
|
</HEAD>
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
|
|
<H1>Re: xsane: tempfile handled insecurely</H1>
|
|
<!-- received="Mon Feb 28 16:54:04 2000" -->
|
|
<!-- isoreceived="20000229005404" -->
|
|
<!-- sent="Tue, 29 Feb 2000 00:45:23 +0100" -->
|
|
<!-- isosent="20000228234523" -->
|
|
<!-- name="Ralph Angenendt" -->
|
|
<!-- email="ralph@strg-alt-entf.org" -->
|
|
<!-- subject="Re: xsane: tempfile handled insecurely" -->
|
|
<!-- id="20000229004523.B6292@strg-alt-entf.org" -->
|
|
<!-- inreplyto="38BAA16B.4AE54818@wolfsburg.de" -->
|
|
<STRONG>From:</STRONG> Ralph Angenendt (<A HREF="mailto:ralph@strg-alt-entf.org?Subject=Re:%20xsane:%20tempfile%20handled%20insecurely&In-Reply-To=<20000229004523.B6292@strg-alt-entf.org>"><EM>ralph@strg-alt-entf.org</EM></A>)<BR>
|
|
<STRONG>Date:</STRONG> Mon Feb 28 2000 - 15:45:23 PST
|
|
<P>
|
|
<!-- next="start" -->
|
|
<LI><STRONG>Next message:</STRONG> <A HREF="0399.html">Joe Smith: "Re: microtek X6EL"</A>
|
|
<UL>
|
|
<LI><STRONG>Previous message:</STRONG> <A HREF="0397.html">Jens Scheithauer: "Re: sane-devel-20000227 error: no "rev""</A>
|
|
<LI><STRONG>In reply to:</STRONG> <A HREF="0388.html">Oliver Rauch: "Re: xsane: tempfile handled insecurely"</A>
|
|
<!-- nextthread="start" -->
|
|
<!-- reply="end" -->
|
|
<LI><STRONG>Messages sorted by:</STRONG>
|
|
<A HREF="date.html#398">[ date ]</A>
|
|
<A HREF="index.html#398">[ thread ]</A>
|
|
<A HREF="subject.html#398">[ subject ]</A>
|
|
<A HREF="author.html#398">[ author ]</A>
|
|
</UL>
|
|
<HR NOSHADE><P>
|
|
<!-- body="start" -->
|
|
<P>
|
|
On Mon, Feb 28, 2000 at 05:25:15 +0100, Oliver Rauch wrote:
|
|
<BR>
|
|
<EM>>
|
|
</EM><BR>
|
|
<EM>> I can not imagen how that can happen,
|
|
</EM><BR>
|
|
<EM>>
|
|
</EM><BR>
|
|
<EM>> here is the relevant part of the xsane-0.49 source:
|
|
</EM><BR>
|
|
<EM>>
|
|
</EM><BR>
|
|
<EM>> remove(filename); /* remove existing preview */
|
|
</EM><BR>
|
|
<EM>> umask(0177); /* creare temporary file with "-rw-------" permissions */
|
|
</EM><BR>
|
|
<EM>> out = fopen(filename, "w");
|
|
</EM><BR>
|
|
<EM>> umask(XSANE_DEFAULT_UMASK); /* define new file permissions */
|
|
</EM><BR>
|
|
<EM>>
|
|
</EM><BR>
|
|
<EM>> The temporary file or symlink is deleted before the new one is opend.
|
|
</EM><BR>
|
|
<P>As it seems to be in /tmp/, it cannot be removed by User A if User B
|
|
<BR>
|
|
creates that file. Files in /tmp/ can only be deleted if you are the
|
|
<BR>
|
|
owner of that file. As said in private mail - try to use mktemp(3) to
|
|
<BR>
|
|
create temporary files.
|
|
<BR>
|
|
<P>Ralph
|
|
<BR>
|
|
<PRE>
|
|
--
|
|
"Do not dangle the mouse by its cable or throw the mouse at
|
|
co-workers."
|
|
-- From a manual for an SGI computer.
|
|
<P>
|
|
</PRE>
|
|
<HR NOSHADE>
|
|
<UL>
|
|
<LI>application/pgp-signature attachment: <A HREF="att-0398/01-part">stored</A>
|
|
</UL>
|
|
<!-- attachment="01-part" -->
|
|
<P><PRE>
|
|
--
|
|
Source code, list archive, and docs: <A HREF="http://www.mostang.com/sane/">http://www.mostang.com/sane/</A>
|
|
To unsubscribe: echo unsubscribe sane-devel | mail <A HREF="mailto:majordomo@mostang.com?Subject=Re:%20xsane:%20tempfile%20handled%20insecurely&In-Reply-To=<20000229004523.B6292@strg-alt-entf.org>">majordomo@mostang.com</A>
|
|
</PRE>
|
|
<P><!-- body="end" -->
|
|
<HR NOSHADE>
|
|
<UL>
|
|
<!-- next="start" -->
|
|
<LI><STRONG>Next message:</STRONG> <A HREF="0399.html">Joe Smith: "Re: microtek X6EL"</A>
|
|
<LI><STRONG>Previous message:</STRONG> <A HREF="0397.html">Jens Scheithauer: "Re: sane-devel-20000227 error: no "rev""</A>
|
|
<LI><STRONG>In reply to:</STRONG> <A HREF="0388.html">Oliver Rauch: "Re: xsane: tempfile handled insecurely"</A>
|
|
<!-- nextthread="start" -->
|
|
<!-- reply="end" -->
|
|
<LI><STRONG>Messages sorted by:</STRONG>
|
|
<A HREF="date.html#398">[ date ]</A>
|
|
<A HREF="index.html#398">[ thread ]</A>
|
|
<A HREF="subject.html#398">[ subject ]</A>
|
|
<A HREF="author.html#398">[ author ]</A>
|
|
</UL>
|
|
<!-- trailer="footer" -->
|
|
<HR NOSHADE>
|
|
<P>
|
|
<SMALL>
|
|
<EM>
|
|
This archive was generated by <A HREF="http://www.hypermail.org/">hypermail 2b29</A>
|
|
: <EM>Mon Feb 28 2000 - 16:55:09 PST</EM>
|
|
</EM>
|
|
</SMALL>
|
|
</BODY>
|
|
</HTML>
|