Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Potential security issue in the zsh tests
- X-seq: zsh-workers 40101
- From: Vincent Lefevre <vincent@xxxxxxxxxx>
- To: zsh-workers@xxxxxxx
- Subject: Potential security issue in the zsh tests
- Date: Mon, 5 Dec 2016 15:07:25 +0100
- List-help: <mailto:zsh-workers-help@zsh.org>
- List-id: Zsh Workers List <zsh-workers.zsh.org>
- List-post: <mailto:zsh-workers@zsh.org>
- Mail-followup-to: zsh-workers@xxxxxxx
- Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
Hi,
When building zsh, I notice that zsh writes results of the tests
directly under /tmp, e.g.
-rw-r--r-- 1 vlefevre vlefevre 0 2016-12-05 15:05:36 /tmp/zsh.ztst.err.14513
-rw-r--r-- 1 vlefevre vlefevre 0 2016-12-05 15:05:36 /tmp/zsh.ztst.in.14513
-rw-r--r-- 1 vlefevre vlefevre 13 2016-12-05 15:05:36 /tmp/zsh.ztst.out.14513
-rw-r--r-- 1 vlefevre vlefevre 0 2016-12-05 15:05:36 /tmp/zsh.ztst.terr.14513
-rw-r--r-- 1 vlefevre vlefevre 13 2016-12-05 15:05:36 /tmp/zsh.ztst.tout.14513
I wonder whether it could be subject to symlink attacks.
--
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Messages sorted by:
Reverse Date,
Date,
Thread,
Author