[prev in list] [next in list] [prev in thread] [next in thread]
List: php-gtk-dev
Subject: [PHP-GTK-DEV] GtkFileSelection security problem?
From: 24.51.119.192
Date: 2004-06-09 21:59:05
Message-ID: 20040609215906.41650.qmail () pb1 ! pair ! com
[Download RAW message or body]
I'm running a Linux box (Fedora Core 2), and I was working with the
GtkFileSelection dialog, testing it and whatnot, when I stumbled across
something rather odd. I created a file and chown'd it to root. Then,
as a normal user, I opened the root-owned file using the
GtkFileSelection dialog, and then, I opened the dialog again, chose the
file, and clicked the delete button in the dialog. It prompted me as to
whether I wanted to delete it. So, just to test it, I chose "Delete."
It deleted the file.
I have tried it again with another file owned by root. It continues to
delete it. It should not allow me to delete the file, but it is
deleting it nonetheless.
BTW, I'm running PHP 4.3.7, if that makes a difference.
--
Regards,
Ben Ramsey
http://benramsey.com
---------------------------------------------------
http://www.phpcommunity.org/
Open Source, Open Community
Visit for more information or to join the movement.
---------------------------------------------------
--
PHP-GTK Development Mailing List (http://gtk.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic