From owner-freebsd-security@FreeBSD.ORG Wed Jan 11 14:34:59 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 91C7516A41F for ; Wed, 11 Jan 2006 14:34:59 +0000 (GMT) (envelope-from alex@fafula.com) Received: from fafula.com (wj118.internetdsl.tpnet.pl [80.55.191.118]) by mx1.FreeBSD.org (Postfix) with ESMTP id D192B43D66 for ; Wed, 11 Jan 2006 14:34:58 +0000 (GMT) (envelope-from alex@fafula.com) Received: by fafula.com (Postfix, from userid 1001) id B4853422A; Wed, 11 Jan 2006 15:35:01 +0100 (CET) Date: Wed, 11 Jan 2006 15:35:01 +0100 From: Aleksander Fafula To: freebsd-security@freebsd.org Message-ID: <20060111143501.GB21628@fafula.com> References: <200601110819.k0B8JEl0066658@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline In-Reply-To: <200601110819.k0B8JEl0066658@freefall.freebsd.org> User-Agent: Mutt/1.4.2.1i Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:03.cpio X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Jan 2006 14:34:59 -0000 Hello. I am preparing the translations of Security Advisories. This is why I have a few questions. I don't unerstand who are 'they', (files?): > . The first problem can allow a local attacker to change the > permissions of files owned by the user executing cpio providing > that they have write access to the directory in which the file is > being extracted. (CVE-2005-1111) I am having prolem with translating this: > NOTE WELL: The solution described below causes cpio to not exact files > with absolute paths by default anymore. If it is required that cpio > exact files with absolute names, use the --absolute-filenames > parameter. Shouldn't 'exact' be 'extract'. It's very interesting for me as I see 'exact' here two times (two typos or maybe I don't understand this). Thank you very much for your answers. Best regards, Aleksander Fafula PS Another suggestion is: Security Advisories on www.freebsd.org should be ordered by date. Displaying 1,2,3 and no 4 causes people to omit advisory no 4! It should be displayed 4, 3, 2, 1 and probably all new releases - no matter how many. On http://www.freebsd.org/security/ sorting of advisories seems like above. -- Still looking for the last digit of pi...