CVE-2020-13882: discovered by Sander Bos, code submission by Katarina Durechova - Store log and data file in home directory for non-privileged usage #594

Merged (1 commit), Jun 18, 2020

@katkad (Contributor) commented Oct 27, 2018

CVE-2020-13882: discovered by Sander Bos, code submission by Katarina Durechova - Store log and data file in home directory for non-privileged usage

@mboelen mboelen self-assigned this Apr 7, 2019
@mboelen (Member) commented Apr 7, 2019

As this 'breaks' the location that is well-known, the patch is waiting to be included in a major release.

if [ ! -f "$HOME/lynis.log" ]; then
if [ -L "$HOME/lynis.log" ]; then echo "Log file is symlinked, which can introduce the risk of a symlink attack."; exit 1; fi
touch "$HOME/lynis.log"
if [ $? -eq 0 ]; then LOGFILE="$HOME/lynis.log"; else LOGFILE="/dev/null"; fi
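
Review bot: the `-L` symlink test on the second line only runs inside the `[ ! -f "$HOME/lynis.log" ]` branch, and `-f` follows symlinks, so a symlink that points at an existing regular file makes `! -f` false and the check is never reached in the lines shown. Consider running `[ -L "$HOME/lynis.log" ]` first, outside the `-f` condition, so the symlink case is rejected whether or not its target exists. The `-L` test and the `touch` are also separate steps, so the path can change between them; creating the file atomically (for example with noclobber, `set -C`, and a redirect) instead of `touch` would narrow that window. The fallback to `LOGFILE="/dev/null"` on the last line is silent, so a short message saying that logging is disabled would help the user notice it.
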
Contributor

why $? and not if touch "$HOME/lynis.log"?

@github-actions github-actions bot closed this Dec 26, 2019
@mboelen mboelen reopened this Dec 26, 2019
@CISOfy CISOfy deleted a comment from github-actions bot Dec 26, 2019
@CISOfy CISOfy deleted a comment from github-actions bot Apr 6, 2020
@CISOfy CISOfy deleted a comment from github-actions bot Apr 6, 2020
@mboelen (Member) commented Apr 6, 2020

Pull request is waiting for inclusion. Requires additional work to be implemented.

@CISOfy CISOfy deleted a comment from github-actions bot May 7, 2020
@CISOfy CISOfy deleted a comment from github-actions bot Jun 18, 2020
@mboelen mboelen changed the title from "Store log and data file in home directory for non-privileged usage" to "CVE-2020-13882: discovered by Sander Bos, code submission by Katarina Durechova - Store log and data file in home directory for non-privileged usage" Jun 18, 2020
@mboelen mboelen merged commit 051be09 into CISOfy:master Jun 18, 2020