Bug 42920 - [MAINTAINER PATCH] [SECURITY] Update for editors/joe - drop sgid/suid on backup files
Summary: [MAINTAINER PATCH] [SECURITY] Update for editors/joe - drop sgid/suid on back...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-ports (Nobody)
Depends on:
Reported: 2002-09-18 08:30 UTC by toasty
Modified: 2002-09-18 12:13 UTC (History)
0 users

See Also:

file.diff (292 bytes, patch)
2002-09-18 08:30 UTC, toasty
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description toasty 2002-09-18 08:30:08 UTC
A post on Bugtraq (<20020917183024.GA7393@yakuza.salon.cz>) brought up a
somewhat minor flaw in the JOE editor. Backups of sgid/suid files should
drop the sgid/suid bits, because backup files are owned by the user running
joe, not the owner of the file.

Fix: Add patch-ak to ports/editors/files:

Create a file such as this:

-rwsr-sr-x  1 toasty  toasty  2 Sep 18 02:00 test.file

As root, open/save it, and this backup file is created:

-rwsr-sr-x  1 root    wheel   2 Sep 18 01:58 test.file~

It would require some impressive social engineering to take advantage of
this, but it's still not a good idea.
Comment 1 Ying-Chieh Liao freebsd_committer 2002-09-18 12:13:29 UTC
State Changed
From-To: open->closed

committed, thanks