author | Jim Meyering <jim@meyering.net> | 2002-03-09 21:05:49 +0000 |
---|---|---|
committer | Jim Meyering <jim@meyering.net> | 2002-03-09 21:05:49 +0000 |
commit | 57d9a3625bcb94d7e2e09fe2ffb280bfe5968fff (patch) | |
tree | e952b7209431349afa717175ced0b8cf9bd6a3b7 /old/fileutils | |
parent | 3f81b8e1890f68b3af4682f17f550839be9926ba (diff) | |
download | coreutils-57d9a3625bcb94d7e2e09fe2ffb280bfe5968fff.tar.xz |
.
Diffstat (limited to 'old/fileutils')
-rw-r--r-- | old/fileutils/ChangeLog | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/old/fileutils/ChangeLog b/old/fileutils/ChangeLog index 9175d0197..10b602405 100644 --- a/old/fileutils/ChangeLog +++ b/old/fileutils/ChangeLog @@ -1,7 +1,35 @@ -2002-03-04 Jim Meyering <meyering@lucent.com> +2002-03-08 Jim Meyering <meyering@lucent.com> * Version 4.1.7. + Don't allow a malicious user to trick another user's rm process into + removing unintended files. In one scenario, if root is removing a + hierarchy that is writable by the malicious user, that user may trick + root into removing all of `/'. Reported by Wojciech Purczynski. + + * src/remove.c (remove_dir): After chdir `..', call lstat to get the + dev/inode of "." and fail if they aren't the same as the old numbers. + (remove_cwd_entries): New parameter, `cwd_dev_ino'. + (remove_dir): Likewise. + (rm): Likewise. + Adjust all callers. + * src/mv.c (do_move): The first time we resort to copy/remove, + call lstat `.' to get the device/inode numbers now required for rm. + * src/rm.c (main): Call lstat `.' to get the device/inode numbers + now required for rm. + * src/remove.h (struct dev_ino): Declare new type. + (rm): Add a parameter to the prototype. + +2002-03-06 Jim Meyering <meyering@lucent.com> + + * Use automake-1.6. Regenerate dependent files. + +2002-03-05 Jim Meyering <meyering@lucent.com> + + * Makefile.am (EXTRA_DIST): Add config/config.rpath. + +2002-03-04 Jim Meyering <meyering@lucent.com> + * Makefile.maint (tgz-size): Also handle a suffix of `K', since the sizes in the output of `du -h' now look like `29K' |
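Review bot: The src/remove.c (remove_dir) item says to "fail if they aren't the same as the old numbers" but does not say what failing means, and that matters here because the lstat comparison runs after the chdir `..' has already been done, so a mismatch means the process is already in a directory it did not intend to be in. Please state in the entry that rm stops at that point rather than diagnosing the mismatch and carrying on with the remaining entries, and make sure the same holds for the mv copy/remove path listed under src/mv.c (do_move). The summary paragraph also describes the impact (root tricked into removing all of `/') without a clause on how the trick works; one short clause there would let a reader of the ChangeLog see why comparing the dev/inode of "." is the right check. Finally, the new `cwd_dev_ino' parameter is added to remove_cwd_entries, remove_dir and rm, while only src/mv.c and src/rm.c are named as callers that obtain the numbers; if "Adjust all callers" covers any other file, list it so the entry is complete.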