Menu
▾
▴
Re: [TiLP-devel] [Fwd: Found security vulnerability in TiLP for Unix {Scanned}] {Scanned}
|
From: Romain <ro...@li...> - 2004-11-15 20:06:17
|
Hi, >> Running as root under Linux, I untarred tilp.tar.gz >> (version 6.76), libticables-3.8.7.tar.gz, >> libtifiles-0.6.1.tar.gz, and libticalcs-4.5.5.tar.gz. >> All of the directories extracted were world-writable, >> with permissions of "drwxrwxrwx" (although the files >> in the directories weren't world-writable). If >> untarring in directories only intended to be >> root-writable, such as /usr/src, this is rather >> insecure. I have submitted this as bug #1066768 in >> the SourceForge bug tracker. > > 1/ this is not a security issue > 2/ you should not unpack untrusted archives as root > 3/ you should never build a software as root; learn to use sudo or su > for the make install stage > 4/ /usr/src is for the kernel sources > > 5/ Romain, I bet you generated your tarball on a vfat partition ? No, I didn't. I don't use vfat any longer (since SVN). Romain. --=20 Romain Li=E9vin : <ro...@li...> Web site : http://www.lievin.net "Linux, y'a moins bien mais c'est plus cher !" |
