Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

symlink attack in __fish_print_packages and spawning fishd (CVE-2014-3219) #1440

zanchey opened this issue Apr 28, 2014 · 1 comment


Copy link

@zanchey zanchey commented Apr 28, 2014

Both __fish_print_packages and (in master, not in any releases) start_fishd access temporary files in /tmp blindly, allowing a symlink attack.

This is somewhat defended against by the sysctl fs.protected_symlinks in newer releases of Linux, thankfully.

CVE-ID is CVE-2014-3219.

Copy link
Member Author

@zanchey zanchey commented Apr 28, 2014

Yikes, start_fishd() is vulnerable in 2.1.0 and 2.0.0.

@zanchey zanchey added the bug label Apr 29, 2014
@zanchey zanchey added this to the 2.1.1 milestone Apr 29, 2014
@zanchey zanchey closed this in 3225d7e May 12, 2014
@zanchey zanchey self-assigned this Sep 1, 2014
@zanchey zanchey changed the title symlink attack in __fish_print_packages and spawning fishd symlink attack in __fish_print_packages and spawning fishd (CVE-2014-3219) Sep 6, 2014
zanchey added a commit that referenced this issue Sep 6, 2014
 * use $XDG_CACHE_HOME for __fish_print_packages completion caches

Fix for CVE-2014-3219.

Closes #1440.
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 19, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant