Re: [Nano-devel] what is --nofollow good for?

nano-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nano-devel] what is --nofollow good for?

From:	David Niklas
Subject:	Re: [Nano-devel] what is --nofollow good for?
Date:	Fri, 5 Feb 2016 11:22:53 -0500

> > 
> > Sincerely, David  
> 
> Vulnerable to what?  The symlink attack?
> 
> nano defends this by printing the "File was modified since you opened
> it, continue saving ?" prompt, does not it?
> 
>     
> http://svn.savannah.gnu.org/viewvc/trunk/nano/src/files.c?root=nano&r1=4344&r2=4343
> 
> This used to be referred to as CVE-2010-1160:
> 
>     https://access.redhat.com/security/cve/cve-2010-1160
> 
> Kamil

No, I mean that a file that was not a symlink or a symlink to a specific
place should not change to a symloink or link to another place.
And the above editors don't check that, though I did mention that several
noticed that the file changed.

Sincerely, David

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Nano-devel] what is --nofollow good for?, doark, 2016/02/01
- Re: [Nano-devel] what is --nofollow good for?, Kamil Dudka, 2016/02/01
- Re: [Nano-devel] what is --nofollow good for?, David Niklas <=

Prev by Date: Re: [Nano-devel] disable a time-consuming multiline regex?
Next by Date: Re: [Nano-devel] begin using gnulib?
Previous by thread: Re: [Nano-devel] what is --nofollow good for?
Next by thread: [Nano-devel] [PATCH 1/2] check stat's result and avoid calling stat on a NULL pointer
Index(es):
- Date
- Thread