[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#12947: address@hidden: Bug#598018: install: temporary insecure file
From: |
Paul Eggert |
Subject: |
bug#12947: address@hidden: Bug#598018: install: temporary insecure file permissions] |
Date: |
Tue, 20 Nov 2012 18:12:32 -0800 |
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20121028 Thunderbird/16.0.2 |
On 11/20/2012 01:41 PM, Eric Blake wrote:
> This also needs a NEWS entry. I'm not sure how easy or hard it would be
> to write a test case, though.
Jim's the expert on writing test cases for race conditions.
Not sure that this one is worth a lot of work, though.
I pushed this NEWS patch:
>From 791a9c05122a1031820eebf58c04c4f157e36cfd Mon Sep 17 00:00:00 2001
From: Paul Eggert <address@hidden>
Date: Tue, 20 Nov 2012 18:10:21 -0800
Subject: [PATCH] install: fix security race
* NEWS: Document this.
---
NEWS | 3 +++
1 file changed, 3 insertions(+)
diff --git a/NEWS b/NEWS
index 713f761..15fddd4 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,9 @@ GNU coreutils NEWS -*-
outline -*-
Instead, cut now fails and emits an appropriate diagnostic.
[This bug was present in "the beginning".]
+ install -m M SOURCE DEST no longer has a race condition where DEST's
+ permissions are temporarily derived from SOURCE instead of from M.
+
pr -n no longer crashes when passed values >= 32. Also line numbers are
consistently padded with spaces, rather than with zeros for certain widths.
[bug introduced in TEXTUTILS-1_22i]
--
1.7.11.7