| 12345678910111213141516171819202122232425262728293031323334353637383940414243 |
- <sect2><title> </title><para> </para></sect2>
- <sect2>
- <title>Installation of Ed</title>
- <note><para>Ed isn't something which many people use. It's installed here
- because it can be used by the patch program if you encounter an ed-based patch
- file. This happens rarely because diff-based patches are preferred these
- days.</para></note>
- <para>This package requires its patch to be applied before you can
- install it. This patch fixes a symlink vulnerability in
- <userinput>ed</userinput>. The <userinput>ed</userinput> executable
- creates files in <filename class="directory">/tmp</filename> with
- predictable names. By using various symlink attacks, it is possible
- to have ed write to files it should not, change the permissions of
- files, etc.</para>
- <para>Apply the patch:</para>
- <para><screen><userinput>patch -Np1 -i ../ed-&ed-patch-version;.patch</userinput></screen></para>
- <para>Prepare Ed to be compiled:</para>
- <para><screen><userinput>./configure --prefix=/usr</userinput></screen></para>
- <para>Continue with compiling the package:</para>
- <para><screen><userinput>make</userinput></screen></para>
- <para>And finish off installing the package:</para>
- <para><screen><userinput>make install</userinput></screen></para>
- <para>We need to move the Ed binaries to the <filename
- class="directory">/bin</filename> directory so they may be used in
- the event that the <filename class="directory">/usr</filename>
- partition is unavailable.</para>
- <para><screen><userinput>mv /usr/bin/{ed,red} /bin</userinput></screen></para>
- </sect2>
|
