@@ -8,13 +8,12 @@ because it can be used by the patch program if you encounter an ed-based patch
file. This happens rarely because diff-based patches are preferred these
days.</para></note>
-<para>This package requires its patch to be applied before you can
-install it. This patch fixes a symlink vulnerability in
-<userinput>ed</userinput>. The <userinput>ed</userinput> executable
-creates files in <filename class="directory">/tmp</filename> with
-predictable names. By using various symlink attacks, it is possible
-to have ed write to files it should not, change the permissions of
-files, etc.</para>
+<para>Ed uses mktemp to create temporary files in <filename
+class="directory">/tmp</filename>, but this function has a security
+vulnerability (see section on Temporary Files in
+<ulink url="http://en.tldp.org/HOWTO/Secure-Programs-HOWTO/avoid-race.html"/>).
+This patch makes Ed use mkstemp instead, which is the recommended way to
+create temporary files.</para>
<para>Apply the patch:</para>
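Review bot: the replacement paragraph loses the explanation of why the old temporary-file handling was unsafe. The removed lines said what the problem is (files created in /tmp with predictable names, so symlink attacks can make ed write to files it should not or change their permissions); the new text only says mktemp "has a security vulnerability" and points at the HOWTO. Keep one sentence of that impact description next to the mktemp/mkstemp statement so the reader of the book knows what the patch prevents, and mark up the names consistently with the rest of the file: `<function>mktemp</function>` / `<function>mkstemp</function>` for the library calls and `<command>ed</command>` rather than the bare "Ed", matching the `<userinput>`/`<filename>` markup the removed lines used.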