symlink attack in __fish_print_packages and spawning fishd (CVE-2014-3219) #1440

Closed
zanchey opened this Issue Apr 28, 2014 · 1 comment

zanchey commented Apr 28, 2014

Both __fish_print_packages and (in master, not in any releases) start_fishd access temporary files in /tmp blindly, allowing a symlink attack.

This is somewhat defended against by the sysctl fs.protected_symlinks in newer releases of Linux, thankfully.

CVE-ID is CVE-2014-3219.

zanchey commented Apr 28, 2014

Yikes, start_fishd() is vulnerable in 2.1.0 and 2.0.0.

@zanchey zanchey added the bug label Apr 29, 2014

@zanchey zanchey added this to the 2.1.1 milestone Apr 29, 2014

@zanchey zanchey closed this in 3225d7e May 12, 2014

@zanchey zanchey self-assigned this Sep 1, 2014

@zanchey zanchey changed the title from symlink attack in __fish_print_packages and spawning fishd to symlink attack in __fish_print_packages and spawning fishd (CVE-2014-3219) Sep 6, 2014

zanchey added a commit that referenced this issue Sep 6, 2014

avoid symlink attacks in __fish_print_packages
 * use $XDG_CACHE_HOME for __fish_print_packages completion caches

Fix for CVE-2014-3219.

Closes #1440.
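
The mitigation named in the commit above (a per-user cache under `$XDG_CACHE_HOME` instead of a predictable name in `/tmp`), sketched as an added example in POSIX sh; it is not fish's own code. The function names and the `pkgcache-example` directory are hypothetical, and the `~/.cache` fallback follows the XDG default.

```shell
#!/bin/sh
# Added example, not fish's code. All names below are hypothetical.

# cache_dir: print a private per-user cache directory, creating it if needed.
# Fails if the path is a symlink or is not owned by the current user.
cache_dir() {
    base=${XDG_CACHE_HOME:-$HOME/.cache}
    dir=$base/pkgcache-example
    ( umask 077; mkdir -p "$dir" ) || return 1
    [ -L "$dir" ] && return 1          # refuse a symlinked directory
    [ -O "$dir" ] || return 1          # must be owned by us
    printf '%s\n' "$dir"
}

# write_cache NAME: store stdin as NAME inside the cache directory.
# Data goes to an unpredictable temp file first, then is renamed into place,
# so an existing symlink at the destination is replaced, never followed.
write_cache() {
    dir=$(cache_dir) || return 1
    tmp=$(mktemp "$dir/$1.XXXXXX") || return 1
    if cat > "$tmp" && mv -f "$tmp" "$dir/$1"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# read_cache NAME: print the cached file only if it is a regular,
# non-symlink file owned by the current user.
read_cache() {
    dir=$(cache_dir) || return 1
    f=$dir/$1
    [ -L "$f" ] && return 1
    [ -f "$f" ] && [ -O "$f" ] || return 1
    cat "$f"
}
```

A caller would pipe the generated package list into `write_cache` and fall back to regenerating it whenever `read_cache` fails.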