gpicview-0.1.9 src/main-win.c uses a hardcoded /tmp/rot.jpg for JPEG file
saves.
This assumes that the system only has one user and, more importantly, someone can
easily create a symlink and cause gpicview to overwrite files. With a
properly designed JPEG file that has embedded data, it could easily be used
to compromise a system.
I created a symlink, and the target was destroyed:
$ ls -l 00028.jpg /home/reed/important /tmp/rot.jpg
-rw-r--r-- 1 reed users 903936 Jul 16 07:43 /home/reed/important
lrwxr-xr-x 1 reed wheel 20 Jul 16 07:37 /tmp/rot.jpg -> /home/reed/important
-rw-r--r-- 1 reed users 903936 Jul 16 07:43 00028.jpg
Use mkstemp or another safe routine.
Nobody/Anonymous
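The fixed-name save described in the report next to an mkstemp-based save, as an added example; this is not gpicview's code and not the r845 change, which the page does not show. The function names, the scratch directory under /tmp and the sample data are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the report: predictable name; open() follows an existing symlink. */
static int save_fixed(const char *path, const char *buf, size_t n) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t w = write(fd, buf, n);
    return (close(fd) == 0 && w == (ssize_t)n) ? 0 : -1;
}

/* Hardened form: mkstemp() replaces the XXXXXX suffix with a unique name and
   creates the file exclusively with mode 0600, so a link planted in advance
   under a guessed name is never opened. tmpl receives the name actually used. */
static int save_mkstemp(char *tmpl, const char *buf, size_t n) {
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    ssize_t w = write(fd, buf, n);
    if (close(fd) != 0 || w != (ssize_t)n) { unlink(tmpl); return -1; }
    return 0;
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario inside a private scratch directory (assumption).
   out[1] = size of the linked-to file after the mkstemp save,
   out[0] = its size after the fixed-name save. */
int demo(long out[2]) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[64], fixed[64], tmpl[64];
    const char img[] = "JPEGDATA";              /* 8 bytes of stand-in image data */
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/important", dir);
    snprintf(fixed, sizeof fixed, "%s/rot.jpg", dir);
    snprintf(tmpl, sizeof tmpl, "%s/rot.XXXXXX", dir);
    if (save_fixed(victim, "0123456789abcdef", 16) != 0) return -1;
    if (symlink(victim, fixed) != 0) return -1; /* rot.jpg -> important */
    if (save_mkstemp(tmpl, img, sizeof img - 1) != 0) return -1;
    out[1] = file_size(victim);                 /* link target untouched */
    if (save_fixed(fixed, img, sizeof img - 1) != 0) return -1;
    out[0] = file_size(victim);                 /* link target truncated and overwritten */
    unlink(tmpl); unlink(fixed); unlink(victim); rmdir(dir);
    return 0;
}
```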
Date: 2008-10-05 17:57
Closed as requested.

Date: 2008-09-13 17:49
This has been fixed in r845 and the 0.1.10 release. Please close.

| Field | Old Value | Date | By |
|---|---|---|---|
| status_id | Open | 2008-10-05 17:57 | jserv |
| close_date | - | 2008-10-05 17:57 | jserv |