[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cpio TOCTOU file-permissions vulnerability



Hello,

Since no fix has been posted, I've taken a stab at patching this. I think this
patch solves all issues with chmod & chown. I would recommend people review this
patch and apply since cpio can create suid files, devices, and directories with
special permissions. I have a patch for coreutils mostly done and will post that
soon.

-Steve Grubb


		
__________________________________ 
Do you Yahoo!? 
Make Yahoo! your home page 
http://www.yahoo.com/r/hs

Attachment: cpio-2.6-chmod.patch
Description: cpio-2.6-chmod.patch