Date: Tue, 25 Jan 2005 13:55:06 +0000 (UTC) From: Jacques Vidrine <nectar@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/chinese/zhcon Makefile ports/chinese/zhcon/files patch-src::configfile.cpp Message-ID: <200501251355.j0PDt7gB049014@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
nectar 2005-01-25 13:55:06 UTC
FreeBSD ports repository
Modified files:
chinese/zhcon Makefile
Added files:
chinese/zhcon/files patch-src::configfile.cpp
Log:
The set-user-ID binary zhcon normally reads it's user-specified
configuration file as root. Drop privileges before opening the file to
prevent a local user from reading arbitrary files.
Reported by: Erik Sjölund
Obtained from: Debian
Revision Changes Path
1.32 +1 -1 ports/chinese/zhcon/Makefile
1.1 +21 -0 ports/chinese/zhcon/files/patch-src::configfile.cpp (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200501251355.j0PDt7gB049014>