[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-devel:15547] Re: Test package of xdvik-ja 22.40t-j1.12 is available

From: Tatsuya Kinoshita <tats@xxxxxxxxxxxxxx>
Subject: [debian-devel:15547] Re: Test package of xdvik-ja 22.40t-j1.12 is available
Date: Sat, 1 Feb 2003 07:40:52 +0900
List-help: <mailto:debian-devel-ctl@debian.or.jp?body=help>
List-id: debian-devel.debian.or.jp
List-owner: <mailto:debian-devel-admin@debian.or.jp>
List-post: <mailto:debian-devel@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-devel-ctl@debian.or.jp?body=unsubscribe>
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-devel-ctl@debian.or.jp; help=<mailto:debian-devel-ctl@debian.or.jp?body=help>
X-ml-name: debian-devel
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-spam-level:
X-spam-status: No, hits=-1.4 required=10.0 tests=IN_REP_TO,ISO2022JP_CHARSET,ISO2022JP_BODY,CASHCASHCASH, UPPERCASE_25_50,WEIRD_PORT version=2.31
References: <20030131160153W.1000@xxxxxxxxxxxxxxxxxxxxxxx> <20030131.171138.78723231.kohda@xxxxxxxxxxxxxxxxxxxx> <mpa4r7p4ovs.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Message-id: <20030201.073956.132127954.05@xxxxxxxxxxxxxxx>
X-mail-count: 15547
X-mailer: Mew version 3.1.53 on Emacs 20.7 / Mule 4.0 (HANANOEN)

On January 31, 2003, [debian-devel:15539],
TSUCHIYA Masatoshi <tsuchiya@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

> BTS に投稿されているパッチから想像すると，旧 tetex-bin 付属の xdvi-pl 
> は，current working directory に一時ファイルを作成していたようですから，
> この攻撃が成功する可能性があったのでしょう．
E> 
> ;; tempfile を呼び出すときに，DIR を指定せずに template を指定すると，
> ;; そうなってしまうようです．
> 
> というわけで，一応，安全だと判断して良いと思いますが，どうでしょうか．

土屋さんの解釈で合っているものと思います。(旧版のコードだと、
gzipやbzip2での出力先がsymlinkで置き換えられるおそれがある)

-- 
木下達也

Follow-Ups:
- [debian-devel:15549] Re: Test package of xdvik-ja 22.40t-j1.12 is available
  - From: Atsuhito Kohda

Prev by Date: [debian-devel:15546] Re: Test packages of jtex-1.9.1 / multex-0.8.1
Next by Date: [debian-devel:15548] Re: gs-ja 7.05
Previous by thread: [debian-devel:15561] Re: Test packages of jtex-1.9.1 / multex-0.8.1
Next by thread: [debian-devel:15549] Re: Test package of xdvik-ja 22.40t-j1.12 is available
Index(es):
- Date
- Thread