Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Potential security issue in the zsh tests



Hi,

When building zsh, I notice that zsh writes results of the tests
directly under /tmp, e.g.

-rw-r--r-- 1 vlefevre vlefevre  0 2016-12-05 15:05:36 /tmp/zsh.ztst.err.14513
-rw-r--r-- 1 vlefevre vlefevre  0 2016-12-05 15:05:36 /tmp/zsh.ztst.in.14513
-rw-r--r-- 1 vlefevre vlefevre 13 2016-12-05 15:05:36 /tmp/zsh.ztst.out.14513
-rw-r--r-- 1 vlefevre vlefevre  0 2016-12-05 15:05:36 /tmp/zsh.ztst.terr.14513
-rw-r--r-- 1 vlefevre vlefevre 13 2016-12-05 15:05:36 /tmp/zsh.ztst.tout.14513

I wonder whether it could be subject to symlink attacks.

-- 
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Messages sorted by: Reverse Date, Date, Thread, Author