Subject: CVS commit: basesrc
To: None <source-changes@netbsd.org>
From: Christos Zoulas <christos@netbsd.org>
List: source-changes
Date: 06/05/2001 20:05:12
Module Name: basesrc
Committed By: christos
Date: Tue Jun 5 17:05:12 UTC 2001
Modified Files:
basesrc/lib/libc/gen: __fts13.c
Log Message:
Fix problem reported by Kris Kennaway <kris@obsecurity.org>; In
the default case fts(3) uses chdir("..") to ascend the tree. The
sequence of chdir's can be intercepted by a malicious user who
moves a subtree that fts is currently traversing to a higher level,
thus making fts operate outside it's original starting directory.
To generate a diff of this commit:
cvs rdiff -r1.32 -r1.33 basesrc/lib/libc/gen/__fts13.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.