Re: X11R6 NetBSD Security Problem

From: Kevin Vajk (kvajkat_private)
Date: Sun Mar 28 1999 - 19:01:41 PST

Next message: Cristiano Lincoln Mattos: "Re: Possible security hole"

Previous message: Paul Schandel: "Re: FrontPage + Apache + FreeBSD"
Maybe in reply to: in.telnetd: "X11R6 NetBSD Security Problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch looks pretty good.  (Much better than the current situatiuon!!!)

A few comments:

On Fri, 26 Mar 1999, Matthieu Herrb wrote:
> +    if (errno == EEXIST) {
> +	if (stat(path, &buf) != 0) {

This should be lstat().

> +	if (S_ISDIR(buf.st_mode) && ((buf.st_mode & ~S_IFMT) == mode)) {
> +	    return 0;
> +	}
> +    }

I think you'll want to check the owner of the directory, too.

- Kevin Vajk
  <kvajkat_private>

Next message: Cristiano Lincoln Mattos: "Re: Possible security hole"
Previous message: Paul Schandel: "Re: FrontPage + Apache + FreeBSD"
Maybe in reply to: in.telnetd: "X11R6 NetBSD Security Problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:40:48 PDT