cvs commit: ports/chinese/zhcon Makefile
ports/chinese/zhcon/files patch-src::configfile.cpp
Jacques A. Vidrine
nectar at FreeBSD.org
Tue Jan 25 05:57:38 PST 2005
On Tue, Jan 25, 2005 at 01:55:06PM +0000, Jacques A. Vidrine wrote:
> nectar 2005-01-25 13:55:06 UTC
>
> FreeBSD ports repository
>
> Modified files:
> chinese/zhcon Makefile
> Added files:
> chinese/zhcon/files patch-src::configfile.cpp
> Log:
> The set-user-ID binary zhcon normally reads it's user-specified
> configuration file as root. Drop privileges before opening the file to
> prevent a local user from reading arbitrary files.
>
> Reported by: Erik Sjölund
> Obtained from: Debian
I forgot to mention that this is
http://vuxml.freebsd.org/d371b627-6ed5-11d9-bd18-000a95bc6fae.html .
Cheers,
--
Jacques A Vidrine / NTT/Verio
nectar at celabo.org / jvidrine at verio.net / nectar at FreeBSD.org
More information about the cvs-all
mailing list