[LinuxBIOS] PATCH: mkdirp() error on new directory outside given parent

Uwe Hermann uwe at hermann-uwe.de
Thu Jul 12 21:20:54 CEST 2007


On Thu, Jul 12, 2007 at 05:33:57PM +0200, Peter Stuge wrote:
> On Thu, Jul 12, 2007 at 02:49:36PM +0200, Stefan Reinauer wrote:
> > * Peter Stuge <peter at stuge.se> [070712 09:50]:
> > > Have a look.
> > 
> > I think the better way would be to check the paths for ../ and skip
> > those with a warning.
> 
> Then there are the symlinks. :\

Yeah, this stuff is horribly hard to get right. Security issues like
these are found even in really mature and stable software (coreutils,
tar, etc.) again and again...


Uwe.
-- 
http://www.hermann-uwe.de  | http://www.holsham-traders.de
http://www.crazy-hacks.org | http://www.unmaintained-free-software.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20070712/6a9a503b/attachment.sig>


More information about the coreboot mailing list