[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: [PATCH] kdesud (Security?)
From: Waldo Bastian <bastian () kde ! org>
Date: 2002-03-09 2:25:31
[Download RAW message or body]
kdesud contains an interesting bug. Interesting because it was introduced as
part of a security fix. Patch below.
Cheers,
Waldo
RCS file: /home/kde/kdebase/kdesu/kdesud/kdesud.cpp,v
retrieving revision 1.24
diff -u -p -r1.24 kdesud.cpp
--- kdesud.cpp 2001/12/29 17:12:39 1.24
+++ kdesud.cpp 2002/03/09 02:21:02
@@ -177,7 +177,7 @@ int create_socket()
sock = QFile::encodeName(locateLocal("socket",
QString("kdesud_%1").arg(display)));
int stat_err=lstat(sock, &s);
- if(!stat_err && S_ISLNK(s.st_ino)) {
+ if(!stat_err && S_ISLNK(s.st_mode)) {
kdWarning(1205) << "Someone is running a symlink attack on you\n";
if(unlink(sock)) {
kdWarning(1205) << "Could not delete symlink\n";
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic