summaryrefslogtreecommitdiffstats
path: root/genvmop.txr
diff options
context:
space:
mode:
authorKaz Kylheku <kaz@kylheku.com>2022-07-30 12:09:51 -0700
committerKaz Kylheku <kaz@kylheku.com>2022-07-30 12:09:51 -0700
commit49255506f37ba61514c55b2f8bd6515ba1cae3c3 (patch)
treef7e1fefba40b1bfebfcdd35e65f7078e43039242 /genvmop.txr
parent9650fbc008dd1aaf10967ef367e5feb08f98937a (diff)
downloadtxr-49255506f37ba61514c55b2f8bd6515ba1cae3c3.tar.gz
txr-49255506f37ba61514c55b2f8bd6515ba1cae3c3.tar.bz2
txr-49255506f37ba61514c55b2f8bd6515ba1cae3c3.zip
path-components-safe: tighten /proc check
Attacks are possible via /proc/<pid>/fd/<n> involving a deleted file, whereby the link target changes from "/path/to/file" to "/path/to/file (deleted)", which can be perpetrated by a different user, not related to process <pid>, who has access to perform unlink("/path/to/file"). * stdlib/path-test.tl (safe-abs-path): Perform the pattern check regardless of effective user ID. * tests/018/path-safe.tl: Test cases adjusted.
Diffstat (limited to 'genvmop.txr')
0 files changed, 0 insertions, 0 deletions