Bug#489988: projectl: Creates file in current working directory

Wed Jul 9 14:31:36 UTC 2008

On Wed, 2008-07-09 at 13:16:04 +0200, Nico Golde wrote:
> Hi Guillem,

> * Guillem Jover <guillem at debian.org> [2008-07-09 09:19]:
> > This game creates the file projectL.prf on the current working dir
> > every time it's run. It should probably create it under a dot dir on
> > the home dir. Setting as important as this might be a security problem
> > (it might even well be RC).
> 
> The code that does this seems to be the following from br/prefmanager.d:
>      34         public void save(){
>      35                 auto File fd = new File;
>      36             fd.create(PREF_FILE);
>      37             fd.write(VERSION_NUM);
>      38             _prefData.save(fd);
>      39             fd.close();
>      40          }
>      41         public PrefData prefData() {
>      42         return _prefData;
>      43         }
> 
> Anyone knows if this would follow symlinks and thus opening a symlink
> attack here?
> I have no idea of the d programing language.

I tested this yesterday and it does follow symlinks.

regrads,
guillem