Logfile symlink vulnerability
Takuma Murakami
takuma@dgp.ne.jp
Mon Mar 22 12:29:00 GMT 2004
Eran,
> It's really a classical Unix security pitfall that occurs whenever you
> write to files in world-writable directories. It has to be dealt with at
> the application level, either by being careful about existing files or
> by using atomically generated unique filenames.
Because the vulnerability is not unique to Cygwin/X as you
mentioned, it should be fixed in upper levels so that every
implementation of XFree86 can benefit. If some of those
(e.g. X server of Linux) have already fixed it we can borrow
it instead of a redundant reinvention.
However, I must say that I can't contribute to this point
because of a lack of time. Could you look into other
implementations? It would be greatly appreciated.
Takuma Murakami
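
The two application-level mitigations named in the quoted text, sketched in C as an added example; this is not code from the message, from XFree86 or from Cygwin/X. It assumes a POSIX system, and the function names and the "xserver-log" file name prefix are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* O_NOFOLLOW, mkstemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Option 1, "being careful about existing files": open a fixed log path
 * without following a symlink planted at that name, then check the object
 * actually opened. O_NOFOLLOW covers only the final path component. */
int open_log_careful(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                      /* ELOOP when path is a symlink */
    /* fstat() inspects the open descriptor, so there is no check/use race.
     * Reject non-regular files, files owned by someone else, and files
     * with extra hard links (a hard link to another file of ours). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Option 2, "atomically generated unique filenames": mkstemp() picks the
 * name and creates the file exclusively in one step with mode 0600, so a
 * pre-planted link can never be opened. The name prefix is hypothetical. */
int open_log_unique(const char *dir, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/xserver-log.XXXXXX", dir);
    if (n < 0 || (size_t)n >= outlen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(out);                /* out now holds the real name */
}
```

Both functions return a file descriptor on success and -1 with errno set on failure; a caller that gets -1 from open_log_careful() should report the error rather than fall back to a plain open().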