[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nano-devel] what is --nofollow good for?
From: |
David Niklas |
Subject: |
Re: [Nano-devel] what is --nofollow good for? |
Date: |
Fri, 5 Feb 2016 11:22:53 -0500 |
> >
> > Sincerely, David
>
> Vulnerable to what? The symlink attack?
>
> nano defends this by printing the "File was modified since you opened
> it, continue saving ?" prompt, does not it?
>
>
> http://svn.savannah.gnu.org/viewvc/trunk/nano/src/files.c?root=nano&r1=4344&r2=4343
>
> This used to be referred to as CVE-2010-1160:
>
> https://access.redhat.com/security/cve/cve-2010-1160
>
> Kamil
No, I mean that a file that was not a symlink or a symlink to a specific
place should not change to a symloink or link to another place.
And the above editors don't check that, though I did mention that several
noticed that the file changed.
Sincerely, David