Re: [TiLP-devel] [Fwd: Found security vulnerability in TiLP for Unix {Scanned}] {Scanned}

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Romain Li=E9vin <ro...@li...> wrote:

Hi,

> roms,
>
> Running as root under Linux, I untarred tilp.tar.gz
> (version 6.76), libticables-3.8.7.tar.gz,
> libtifiles-0.6.1.tar.gz, and libticalcs-4.5.5.tar.gz.
> All of the directories extracted were world-writable,
> with permissions of "drwxrwxrwx" (although the files
> in the directories weren't world-writable).  If
> untarring in directories only intended to be
> root-writable, such as /usr/src, this is rather
> insecure.  I have submitted this as bug #1066768 in
> the SourceForge bug tracker.

1/ this is not a security issue
2/ you should not unpack untrusted archives as root
3/ you should never build a software as root; learn to use sudo or su
   for the make install stage
4/ /usr/src is for the kernel sources

5/ Romain, I bet you generated your tarball on a vfat partition ?

JB.

--=20
UNDERWEAR SHOULD BE WORN ON THE INSIDE
UNDERWEAR SHOULD BE WORN ON THE INSIDE
UNDERWEAR SHOULD BE WORN ON THE INSIDE
-+- Bart Simpson on chalkboard in episode 8F08

Re: [TiLP-devel] [Fwd: Found security vulnerability in TiLP for Unix {Scanned}] {Scanned}

TI graphing calculators <-> computer communication software

Re: [TiLP-devel] [Fwd: Found security vulnerability in TiLP for Unix {Scanned}] {Scanned}