From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 29959 invoked by alias); 12 Jan 2015 06:56:30 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List
List-Post:
List-Help:
X-Seq: 34249
Received: (qmail 5154 invoked from network); 12 Jan 2015 06:56:28 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2
X-CMAE-Score: 0
X-CMAE-Analysis: v=2.1 cv=Ko/6AtSI c=1 sm=1 tr=0 a=FT8er97JFeGWzr5TCOCO5w==:117 a=kj9zAlcOel0A:10 a=q2GGsy2AAAAA:8 a=oR5dmqMzAAAA:8 a=-9mUelKeXuEA:10 a=YNv0rlydsVwA:10 a=_CqGgLDPjVHpadzAl50A:9 a=CjuIK1q_8ugA:10
From: Bart Schaefer
Message-id: <150111225626.ZM5554@torch.brasslantern.com>
Date: Sun, 11 Jan 2015 22:56:26 -0800
In-reply-to: <20150112054344.GC1728@tarsus.local2>
Comments: In reply to Daniel Shahaf "Re: zsh/files module and insecure tempfile creation" (Jan 12, 5:43am)
References: <150109223150.ZM24107@torch.brasslantern.com> <20150112054344.GC1728@tarsus.local2>
X-Mailer: OpenZMail Classic (0.9.2 24April2005)
To:
Subject: Re: zsh/files module and insecure tempfile creation
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii

On Jan 12, 5:43am, Daniel Shahaf wrote:
} Subject: Re: zsh/files module and insecure tempfile creation
}
} Bart Schaefer wrote on Fri, Jan 09, 2015 at 22:31:50 -0800:
} > Next the attacker must be able to swap the directory or symlink with
} > a symlink to his own target file.
}
} On FreeBSD systems, 'cat /path/to/dir' works (prints something and
} returns 0).

That is also avoided, I think, by using zf_ln -fn to be sure the target
is removed and replaced by zsh's temp file.  I think we're OK there
after this latest patch pass.
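The behaviour Bart relies on above, shown with the ordinary ln utility rather than zsh's zf_ln. This is an added example, not code from the zsh-workers thread or from zsh itself; it assumes an ln that accepts -f and -n (GNU coreutils, BSD and busybox all do) and that zf_ln's -n is the same no-dereference flag. The script builds a private temp directory in which the path we intend to publish has already been swapped for a symlink to a directory, then compares plain ln -f (which follows the symlink and drops the file inside that directory) with ln -fn (which unlinks the symlink itself and puts our file in its place):

```shell
#!/bin/sh
# Added example (not from the zsh-workers thread). All paths are
# constructed inside a fresh mktemp directory; nothing outside it is touched.

# setup_swap DIR: creates DIR/tmpfile (the file we want to publish) and
# DIR/target, a symlink to DIR/realdir standing in for the swapped-in
# symlink the thread discusses.
setup_swap() {
    mkdir -p "$1/realdir"
    printf 'payload\n' > "$1/tmpfile"
    ln -s "$1/realdir" "$1/target"
}

# link_without_n DIR: runs ln -f only. Because DIR/target resolves to a
# directory, ln treats it as a destination directory and creates
# realdir/tmpfile instead of replacing the symlink.
# Prints "inside-dir" when that happens, "replaced" otherwise.
link_without_n() {
    ln -f "$1/tmpfile" "$1/target"
    if [ -e "$1/realdir/tmpfile" ]; then echo inside-dir; else echo replaced; fi
}

# link_with_n DIR: runs ln -fn. -n makes ln treat DIR/target as a plain
# file even though it is a symlink to a directory, and -f removes it, so
# DIR/target becomes a regular file (a hard link to tmpfile).
# Prints "replaced" when the symlink is gone, "still-symlink" otherwise.
link_with_n() {
    ln -fn "$1/tmpfile" "$1/target"
    if [ ! -L "$1/target" ] && [ -f "$1/target" ]; then
        echo replaced
    else
        echo still-symlink
    fi
}

# run_demo: exercises both variants in one temp directory, cleans up, and
# prints the two verdicts separated by a space.
run_demo() {
    d=$(mktemp -d) || return 1
    setup_swap "$d"
    a=$(link_without_n "$d")
    b=$(link_with_n "$d")
    rm -rf "$d"
    echo "$a $b"
}

run_demo
```

On a system whose ln honours -n the script prints `inside-dir replaced`: the first verdict is the hazard (the file landed wherever the symlink pointed), the second is the outcome Bart describes, where the target is removed and replaced by the temp file.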