Prevent symlink attacks via .augnew during saving
Instead of saving into a predictable PATH.augnew file, save into a securely
created PATH.augnew.XXXXXX
* src/transform.c (transform_save):
write changes to a temporary file in the same directory as the destination
(either the file's canonical path or the path of .augnew), before renaming
* src/transform.c (transfer_file_attrs):
use fchown, fchmod etc. on the same file handles to ensure consistent
permission changes
* bootstrap: add mkstemp gnulib module
* tests/
test-put-symlink-augnew.sh: test symlink attack when writing .augnew
test-put-symlink-augsave.sh: test symlink attack when writing .augsave
test-put-symlink-augtemp.sh: test symlink attack via temp .augnew
test-put-symlink.sh: also test file modification
Fixes BZ 772257

Dominic Cleal authored and David Lutterkort committed Jul 19, 2012
1 parent 730cdda, commit 1638774
Showing 10 changed files with 270 additions and 59 deletions.
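
The save pattern the commit message describes (temporary file from mkstemp in the destination's directory, attributes copied by descriptor, then rename), as an added example that is not Augeas's own `src/transform.c` code. The names `safe_save` and `demo_planted_symlink` are hypothetical, the sample files are constructed, and the example assumes a regular-file destination: a symlinked destination is refused with `O_NOFOLLOW` rather than canonicalized.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not Augeas code: replace `path` with `data` via a
 * mkstemp() file in the same directory. Returns 0 on success, -1 on error. */
int safe_save(const char *path, const char *data, size_t len) {
    char tmp[4096];
    struct stat st;
    int ret = -1, fd = -1, src = open(path, O_RDONLY | O_NOFOLLOW);
    if (src < 0 || fstat(src, &st) < 0) goto done;
    if (snprintf(tmp, sizeof tmp, "%s.augnew.XXXXXX", path) >= (int)sizeof tmp)
        goto done;
    /* O_CREAT|O_EXCL, mode 0600: a planted link at the name is never followed. */
    if ((fd = mkstemp(tmp)) < 0) goto done;
    /* Copy owner and mode by descriptor; no path is resolved a second time. */
    if (fchown(fd, st.st_uid, st.st_gid) < 0 || fchmod(fd, st.st_mode & 07777) < 0)
        goto fail;
    if (write(fd, data, len) != (ssize_t)len || fsync(fd) < 0) goto fail;
    if (rename(tmp, path) == 0) ret = 0;   /* same directory: atomic swap */
fail:
    if (ret < 0) unlink(tmp);
done:
    if (fd >= 0) close(fd);
    if (src >= 0) close(src);
    return ret;
}

/* Constructed scenario: a link planted at the old predictable name must stay
 * untouched. Returns 0 when every check holds, else the failing step number. */
int demo_planted_symlink(void) {
    char dir[] = "/tmp/augdemoXXXXXX", conf[64], victim[64], planted[128];
    struct stat c, v, p;
    if (!mkdtemp(dir)) return 1;
    snprintf(conf, sizeof conf, "%s/conf", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s.augnew", conf);
    int a = open(conf, O_WRONLY | O_CREAT, 0600), b = open(victim, O_WRONLY | O_CREAT, 0600);
    if (a < 0 || b < 0 || fchmod(a, 0640) < 0 || symlink(victim, planted) < 0) return 2;
    close(a); close(b);
    if (safe_save(conf, "new\n", 4) < 0) return 3;
    if (stat(conf, &c) < 0 || stat(victim, &v) < 0 || lstat(planted, &p) < 0) return 4;
    if (v.st_size != 0 || !S_ISLNK(p.st_mode)) return 5;   /* link target untouched */
    return (c.st_size == 4 && (c.st_mode & 07777) == 0640) ? 0 : 6;
}

int main(void) { return demo_planted_symlink(); }
```

The demo leaves its scratch directory under `/tmp` so the resulting files can be inspected afterwards.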
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -72,6 +72,7 @@ gitlog-to-changelog | |
| canonicalize-lgpl | ||
| isblank | ||
| locale | ||
| mkstemp | ||
| regex | ||
| safe-alloc | ||
| selinux-h | ||
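Review bot: at the new `mkstemp` entry in the gnulib module list, it is worth deciding whether the PATH.augnew.XXXXXX descriptor should be close-on-exec, since the commit message says the same file handles stay open for the fchown/fchmod calls; if so, gnulib's `mkostemp` module with `O_CLOEXEC` would be the one to list here instead. The entry is otherwise in the right alphabetical slot between `locale` and `regex`, and a short comment next to it naming `transform_save` as the consumer would help whoever prunes this list later.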