pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: pkg/23337 (ispell's munchlist is unsafe (tmp usage))
The following reply was made to PR pkg/23337; it has been noted by GNATS.
From: "Jeremy C. Reed" <reed%NetBSD.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: pkg/23337 (ispell's munchlist is unsafe (tmp usage))
Date: Mon, 9 Jan 2006 09:21:06 -0800 (PST)
On Sun, 8 Jan 2006 salo%netbsd.org@localhost wrote:
> ispell uses mktemp for quite some time now.
In the case, that mktemp fails, then it is vulnerable again. Easy to make
it fail: just prepopulate all the possible combinations and then precreate
all your symlinks to have it overwrite files. (I provided different
patches to them back on Nov. 1, 2003.) Same problem in some other scripts
there too. I will email the ispell developers about this again.
Jeremy C. Reed
``Of course it runs NetBSD.''
http://www.NetBSD.org/
Home |
Main Index |
Thread Index |
Old Index