upload: validate and sanitize uploaded dump directories
It was discovered that, when moving problem reports from /var/spool/abrt-upload to /var/spool/abrt or /var/tmp/abrt, abrt-handle-upload does not verify that the new problem directory has appropriate permissions and does not contain symbolic links. A crafted problem report exposes other parts of abrt to attack, and the abrt-handle-upload script allows overwriting arbitrary files.

Acknowledgement: This issue was discovered by Florian Weimer of Red Hat Product Security.

Related: #1212953

Signed-off-by: Jakub Filak <jfilak@redhat.com>
Jakub Filak committed Apr 21, 2015
1 parent e2608f9, commit 3746b76
Showing 1 changed file with 70 additions and 8 deletions.
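
One way to perform the check the commit message describes, rejecting symbolic links and unexpected permissions in an unpacked problem directory before it is moved out of the upload spool. This is an added example, not abrt's own code; the policy (only directories and regular files, no group/other write bits), the function names and the sample directory are assumptions.

```python
import os
import stat
import tempfile

# Assumed policy for this example: only directories and regular files,
# nothing writable by group or others.
UNSAFE_WRITE_BITS = stat.S_IWGRP | stat.S_IWOTH

def check_entry(path):
    """Return a reason string if the entry is unacceptable, else None."""
    st = os.lstat(path)  # lstat: inspect the entry itself, never follow a link
    if stat.S_ISLNK(st.st_mode):
        return "symbolic link"
    if not (stat.S_ISDIR(st.st_mode) or stat.S_ISREG(st.st_mode)):
        return "special file"
    if st.st_mode & UNSAFE_WRITE_BITS:
        return "group/other writable"
    return None

def validate_problem_dir(root):
    """Return sorted (relative_path, reason) findings; empty list means clean."""
    if not stat.S_ISDIR(os.lstat(root).st_mode):
        return [(".", "not a real directory")]
    findings = []
    top = check_entry(root)
    if top:
        findings.append((".", top))
    # followlinks=False: linked directories are reported, never descended into.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            reason = check_entry(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)

def build_constructed_sample(base):
    """Constructed sample directory: clean file, symlink, world-writable file."""
    d = os.path.join(base, "sample-problem-dir")
    os.mkdir(d)
    os.chmod(d, 0o750)
    for name, mode in (("reason", 0o640), ("coredump", 0o666)):
        with open(os.path.join(d, name), "w") as f:
            f.write("constructed\n")
        os.chmod(os.path.join(d, name), mode)
    os.symlink("../outside-target", os.path.join(d, "backtrace"))
    return d

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for rel, reason in validate_problem_dir(build_constructed_sample(base)):
            print(f"REJECT {rel}: {reason}")
```

A check like this is only meaningful once the directory sits somewhere the uploader can no longer write to; otherwise its contents can change between the check and the move.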