Re: [Nano-devel] New prerelease for security tweaks
From: Mike Frysinger
Subject: Re: [Nano-devel] New prerelease for security tweaks
Date: Wed, 7 Apr 2010 16:44:32 -0400
User-agent: KMail/1.13.1 (Linux/2.6.33.2; KDE/4.4.1; x86_64; ; )

On Wednesday 07 April 2010 02:41:19 Chris Allegretta wrote:
> Now that the AFJ fun is hopefully behind us, we recently received
> some new attention from a security perspective, and an article was
> published on symlink attacks when running nano as root. The article
> is at http://drosenbe.blogspot.com/2010/03/nano-as-root.html if you're
> interested.
>
> The risk of a successful attack is somewhat small if you aren't in the
> habit of editing files in users' home directories or /tmp, but the
> issues presented are certainly legitimate. Due to this I've included
> some fixes for the modification checks and backup file writing in svn.
> Unfortunately to implement that I had to break string freeze, so the
> updated PO file has been submitted so we're looking at two weeks
> before an official release if we want to follow normal procedure.
> Given the risk I think it's okay to wait the two weeks, since someone
> may want to suggest a better fix than what's done so far.
>
> Anyway, if you're interested in trying out the fixes, the pre2 release
> is at http://www.nano-editor.org/dist/test/nano-2.2.4pre2.tar.gz
seems nano now segfaults when doing something simple like writing to a file
that doesn't exist yet
rm -f foo
nano foo
ctrl+o
segfault
-mike