Date:      Wed, 11 Jan 2006 21:53:34 +0100
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Aleksander Fafula <alex@fafula.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-06:03.cpio
Message-ID:  <20060111205333.GB839@zaphod.nitro.dk>
In-Reply-To: <20060111143501.GB21628@fafula.com>
References:  <200601110819.k0B8JEl0066658@freefall.freebsd.org> <20060111143501.GB21628@fafula.com>



On 2006.01.11 15:35:01 +0100, Aleksander Fafula wrote:

> I am preparing the translations of Security Advisories. This is why
> I have a few questions.

Hey,

Sure, ask away.  We (FreeBSD Security Team) try to proof read a lot to
fix typos and make the text as clear as possible, but unfortunately
some things slip through.

> I don't understand who are 'they', (files?):
>
> >   . The first problem can allow a local attacker to change the
> >     permissions of files owned by the user executing cpio providing
> >     that they have write access to the directory in which the file is
> >     being extracted. (CVE-2005-1111)

Here "they" refers to the local attacker.

> > NOTE WELL: The solution described below causes cpio to not exact files
> > with absolute paths by default anymore.  If it is required that cpio
> > exact files with absolute names, use the --absolute-filenames
> > parameter.
>
> Shouldn't 'exact' be 'extract'. It's very interesting for me as
> I see 'exact' here two times (two typos or maybe I don't understand
> this).

Whoops, yes it should be "extract" in both cases... well, at least I
was consistent in my typos... ;-).

I accept the pointy hat for this one.

> Another suggestion is:
> Security Advisories on www.freebsd.org should be ordered by date.
> Displaying 1,2,3 and no 4 causes people to omit advisory no 4! It
> should be displayed 4, 3, 2, 1 and probably all new releases - no matter
> how many.
> On http://www.freebsd.org/security/ sorting of advisories seems like above.

I agree in general, and I will try to improve it (though defining
"new" items is not too easy for something like this).  Xin Li has
already reversed the order so 4, 3, and 2 are shown, making it more
clear that there have been 4 so far in 2006.

-- 
Simon L. Nielsen
FreeBSD Security Team
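As an added illustration, not part of the advisory or of this thread and not FreeBSD's cpio code, the following Python reads a cpio archive in the newc ("070701") format and lists the entries with absolute names, the kind the advisory's new default refuses to extract, then shows how such a name is rebased under the extraction directory. The writer, the sample archive and the `safe_target` helper are constructed here; dropping `..` components goes beyond what the advisory text states.

```python
import posixpath

# Constructed minimal newc ("070701") cpio writer/reader; not FreeBSD's cpio.
NEWC_MAGIC = b"070701"
HDR_LEN = 110  # 6-byte magic + 13 fields of 8 hex digits each

def _pad4(n):
    return (4 - n % 4) % 4

def newc_entry(name, data, mode=0o100644):
    """Serialize one newc entry (ino/uid/gid/mtime zeroed for brevity)."""
    name_b = name.encode() + b"\0"
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0]
    hdr = NEWC_MAGIC + b"".join(b"%08X" % f for f in fields)
    return (hdr + name_b + b"\0" * _pad4(HDR_LEN + len(name_b))
            + data + b"\0" * _pad4(len(data)))

def build_archive(entries):
    body = b"".join(newc_entry(n, d) for n, d in entries)
    return body + newc_entry("TRAILER!!!", b"")

def iter_newc(archive):
    """Yield (name, mode, data) per entry, stopping at the TRAILER!!! record."""
    off = 0
    while off + HDR_LEN <= len(archive):
        if archive[off:off + 6] != NEWC_MAGIC:
            raise ValueError("bad magic at offset %d" % off)
        f = [int(archive[off + 6 + i * 8:off + 14 + i * 8], 16) for i in range(13)]
        mode, filesize, namesize = f[1], f[6], f[11]
        name = archive[off + HDR_LEN:off + HDR_LEN + namesize - 1].decode()
        data_off = off + HDR_LEN + namesize + _pad4(HDR_LEN + namesize)
        if name == "TRAILER!!!":
            return
        yield name, mode, archive[data_off:data_off + filesize]
        off = data_off + filesize + _pad4(filesize)
    raise ValueError("archive ended without a TRAILER!!! record")

def absolute_entries(archive):
    """Names the advisory's new default refuses: those starting with '/'."""
    return [name for name, _, _ in iter_newc(archive) if name.startswith("/")]

def safe_target(extract_dir, name):
    """Rebase name under extract_dir, dropping leading '/' and '..' components."""
    parts = [p for p in posixpath.normpath(name).split("/") if p not in ("", ".", "..")]
    return posixpath.join(extract_dir, *parts)

# Constructed sample archive: one relative entry and one absolute entry.
SAMPLE = build_archive([("etc/motd", b"hi\n"), ("/etc/passwd", b"root::0:0\n")])
```

Running `absolute_entries` over an archive before extracting it tells you whether the default behaviour will skip anything, and whether `--absolute-filenames` is really wanted.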

