<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD>
<TITLE>sane-devel: Re: xsane: tempfile handled insecurely</TITLE>
<META NAME="Author" CONTENT="Oliver Rauch (oliver.rauch@Wolfsburg.DE)">
<META NAME="Subject" CONTENT="Re: xsane: tempfile handled insecurely">
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Re: xsane: tempfile handled insecurely</H1>
<!-- received="Mon Feb 28 08:17:26 2000" -->
<!-- isoreceived="20000228161726" -->
<!-- sent="Mon, 28 Feb 2000 17:25:15 +0100" -->
<!-- isosent="20000228162515" -->
<!-- name="Oliver Rauch" -->
<!-- email="oliver.rauch@Wolfsburg.DE" -->
<!-- subject="Re: xsane: tempfile handled insecurely" -->
<!-- id="38BAA16B.4AE54818@wolfsburg.de" -->
<!-- inreplyto="l4ya865h0s.fsf@laminaria.rahul.net" -->
<STRONG>From:</STRONG> Oliver Rauch (<A HREF="mailto:oliver.rauch@Wolfsburg.DE?Subject=Re:%20xsane:%20tempfile%20handled%20insecurely&In-Reply-To=<38BAA16B.4AE54818@wolfsburg.de>"><EM>oliver.rauch@Wolfsburg.DE</EM></A>)<BR>
<STRONG>Date:</STRONG> Mon Feb 28 2000 - 08:25:15 PST
<P>
<UL>
<!-- next="start" -->
<LI><STRONG>Next message:</STRONG> <A HREF="0389.html">Kenneth E. Harker: "sane: UMAX Astra 2200 SCSI problems"</A>
<LI><STRONG>Previous message:</STRONG> <A HREF="0387.html">Bruce Burden: "Re: xsane as root - final mail"</A>
<LI><STRONG>In reply to:</STRONG> <A HREF="0380.html">Kevin Dalley: "xsane: tempfile handled insecurely"</A>
<!-- nextthread="start" -->
<LI><STRONG>Next in thread:</STRONG> <A HREF="0398.html">Ralph Angenendt: "Re: xsane: tempfile handled insecurely"</A>
<LI><STRONG>Reply:</STRONG> <A HREF="0398.html">Ralph Angenendt: "Re: xsane: tempfile handled insecurely"</A>
<!-- reply="end" -->
<LI><STRONG>Messages sorted by:</STRONG>
<A HREF="date.html#388">[ date ]</A>
<A HREF="index.html#388">[ thread ]</A>
<A HREF="subject.html#388">[ subject ]</A>
<A HREF="author.html#388">[ author ]</A>
</UL>
<HR NOSHADE><P>
<!-- body="start" -->
<P>
Kevin Dalley wrote:
<BR>
<P><EM>> This problem was reported by a Debian user with xsane-0.49.
</EM><BR>
<EM>>
</EM><BR>
<EM>> With this version of xsane it is possible to let a user overwrite his
</EM><BR>
<EM>> own files. Take for example user A with UID 1000 and user B who wants
</EM><BR>
<EM>> to overwrite a file of A. In this case B creates a symlink
</EM><BR>
<EM>> /tmp/preview-level-0-1000-mustek:_dev_sg1.ppm (1000 is the UID of user
</EM><BR>
<EM>> A, mustek:_dev_sg1.ppm is the specification of the scanner) to some
</EM><BR>
<EM>> file owned by user A, which B wants to be overwritten. If user A uses
</EM><BR>
<EM>> xsane in combination with the preview window the next time, it will
</EM><BR>
<EM>> overwrite the file, where the symlink points to, without asking
</EM><BR>
<EM>> before.
</EM><BR>
<EM>>
</EM><BR>
<P>Hi Kevin,
<BR>
<P>I cannot imagine how that can happen,
<BR>
<P>here is the relevant part of the xsane-0.49 source:
<BR>
<P> remove(filename); /* remove existing preview */
<BR>
umask(0177); /* create temporary file with "-rw-------" permissions */
<BR>
out = fopen(filename, "w");
<BR>
umask(XSANE_DEFAULT_UMASK); /* define new file permissions */
<BR>
<P>The temporary file or symlink is deleted before the new one is opened.
<BR>
I tested it the way you described it and everything works fine here,
<BR>
the file to which the symlink points remains untouched!
<BR>
<P>Please could you check it.
<BR>
<P>Bye
<BR>
Oliver
<BR>
<P><PRE>
--
Homepage: <A HREF="http://www.wolfsburg.de/~rauch">http://www.wolfsburg.de/~rauch</A>
sane-umax: <A HREF="http://www.wolfsburg.de/~rauch/sane/sane-umax.html">http://www.wolfsburg.de/~rauch/sane/sane-umax.html</A>
xsane: <A HREF="http://www.wolfsburg.de/~rauch/sane/sane-xsane.html">http://www.wolfsburg.de/~rauch/sane/sane-xsane.html</A>
E-Mail: mailto:<A HREF="mailto:Oliver.Rauch@Wolfsburg.DE?Subject=Re:%20xsane:%20tempfile%20handled%20insecurely&In-Reply-To=<38BAA16B.4AE54818@wolfsburg.de>">Oliver.Rauch@Wolfsburg.DE</A>
<P><P><P><P>--
Source code, list archive, and docs: <A HREF="http://www.mostang.com/sane/">http://www.mostang.com/sane/</A>
To unsubscribe: echo unsubscribe sane-devel | mail <A HREF="mailto:majordomo@mostang.com?Subject=Re:%20xsane:%20tempfile%20handled%20insecurely&In-Reply-To=<38BAA16B.4AE54818@wolfsburg.de>">majordomo@mostang.com</A>
</PRE>
<P><!-- body="end" -->
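<P>Added example, not part of the original message or of the xsane source: the quoted sequence removes the name and then reopens it by name, so the two steps are not atomic, and the C sketch below contrasts fopen() with an open() that uses O_CREAT|O_EXCL when the name reappears as a symlink in between. The helpers open_preview_excl() and target_size_after_open() and all paths are hypothetical names constructed for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical hardened open: succeeds only if this call creates the file.
   O_CREAT|O_EXCL fails with EEXIST when the name exists, symlinks included. */
FILE *open_preview_excl(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return NULL;
    FILE *out = fdopen(fd, "w");
    if (out == NULL)
        close(fd);
    return out;
}

/* Constructed scenario in a private mkdtemp() directory: the name is removed,
   a symlink to "target" reappears before the open, then the file is opened.
   Returns the size of "target" afterwards (4 = untouched, 0 = truncated). */
long target_size_after_open(int use_excl)
{
    char dir[] = "/tmp/tmpfile-demo-XXXXXX", target[64], preview[64];
    struct stat st;
    FILE *f;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(preview, sizeof preview, "%s/preview.ppm", dir);
    if ((f = fopen(target, "w")) == NULL)
        return -1;
    fputs("keep", f);
    fclose(f);

    remove(preview);                       /* step 1 of the quoted sequence */
    if (symlink(target, preview) != 0)     /* name re-created in the window */
        return -1;
    f = use_excl ? open_preview_excl(preview) : fopen(preview, "w");
    if (f != NULL)
        fclose(f);

    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(preview); unlink(target); rmdir(dir);
    return size;
}
```

<P>With O_EXCL the open fails instead of following the link, so the caller can report the error or pick a fresh name with mkstemp().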
<!-- trailer="footer" -->
<HR NOSHADE>
<P>
<SMALL>
<EM>
This archive was generated by <A HREF="http://www.hypermail.org/">hypermail 2b29</A>
: <EM>Mon Feb 28 2000 - 08:18:11 PST</EM>
</EM>
</SMALL>
</BODY>
</HTML>