Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: zsh/files module and insecure tempfile creation

X-seq: zsh-workers 34249
From: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
To: <zsh-workers@xxxxxxx>
Subject: Re: zsh/files module and insecure tempfile creation
Date: Sun, 11 Jan 2015 22:56:26 -0800
In-reply-to: <20150112054344.GC1728@tarsus.local2>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <150109223150.ZM24107@torch.brasslantern.com> <20150112054344.GC1728@tarsus.local2>

On Jan 12,  5:43am, Daniel Shahaf wrote:
} Subject: Re: zsh/files module and insecure tempfile creation
}
} Bart Schaefer wrote on Fri, Jan 09, 2015 at 22:31:50 -0800:
} > Next the attacker must be able to swap the directory or symlink with
} > a symlink to his own target file.
} 
} On FreeBSD systems, 'cat /path/to/dir' works (prints something and
} returns 0).

That is also avoided, I think, by using zf_ln -fn to be sure the target
is removed and replaced by zsh's temp file.  I think we're OK there after
this latest patch pass.

References:
- zsh/files module and insecure tempfile creation
  - From: Bart Schaefer
- Re: zsh/files module and insecure tempfile creation
  - From: Daniel Shahaf

Messages sorted by: Reverse Date, Date, Thread, Author