Date: Wed, 11 Jan 2006 21:53:34 +0100 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Aleksander Fafula <alex@fafula.com> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:03.cpio Message-ID: <20060111205333.GB839@zaphod.nitro.dk> In-Reply-To: <20060111143501.GB21628@fafula.com> References: <200601110819.k0B8JEl0066658@freefall.freebsd.org> <20060111143501.GB21628@fafula.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On 2006.01.11 15:35:01 +0100, Aleksander Fafula wrote: > I am preparing the translations of Security Advisories. This is why > I have a few questions. Hey, Sure, ask away. We (FreeBSD Security Team) try to proof read a lot to fix typo's and make the text as clear as possibly, but unfortunately some things slip through. > I don't unerstand who are 'they', (files?): > > > . The first problem can allow a local attacker to change the > > permissions of files owned by the user executing cpio providing > > that they have write access to the directory in which the file is > > being extracted. (CVE-2005-1111) Here "they" refers to the local attacker. > > NOTE WELL: The solution described below causes cpio to not exact files > > with absolute paths by default anymore. If it is required that cpio > > exact files with absolute names, use the --absolute-filenames > > parameter. > > Shouldn't 'exact' be 'extract'. It's very interesting for me as > I see 'exact' here two times (two typos or maybe I don't understand > this). Whoops, yes it should be "extract" in both cases... well, at least I was consistent in my typos... ;-). I accept the pointy hat for this one. > Another suggestion is: > Security Advisories on www.freebsd.org should be ordered by date. > Displaying 1,2,3 and no 4 causes people to omit advisory no 4! It > should be displayed 4, 3, 2, 1 and probably all new releases - no matter > how many. > On http://www.freebsd.org/security/ sorting of advisories seems like above. I agree in general, and I will try to improve it (though defining "new" items is not too easy for something like this). Xin Li has already reverse the order so 4, 3, and 2 are shown making it more clear that there have been 4 so far in 2006. -- Simon L. Nielsen FreeBSD Security Team [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDxXBNh9pcDSc1mlERAhAsAJ40DEykoPQfiB8nyEFUFbfMffAL0wCgtWpn MNhH1uf3RC5oHVKEdhz70Pc= =6lwV -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060111205333.GB839>