maybe-security issue copying symlinks in nautilus
Arand Nash
ienorand at gmail.com
Thu Sep 10 21:44:30 UTC 2009
Hello, (sorry if this is the wrong place/unwarranted/already
known/otherwise faux pas, but) I would like to wave a flag for a bug in
libglib2.0-0, manifesting in nautilus, which may potentially be a
security issue, since it modifies permissions blackmagically.
The problem is that if copying a symlink using nautilus, the permissions
of the target will be automatically set to 777 (provided the user doing
the copying has permissions to do that).
And I'm guessing that unknowingly setting items to world-rw is
something that could be a security risk.
Upstream bug report: https://bugzilla.gnome.org/show_bug.cgi?id=593406
git fix commit: http://git.gnome.org/cgit/glib/commit/?h=glib-2-20
Downstream (including debdiffs with quilt patches {created from above
commit}): https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/418135
Oh, and the issue does exist on libglib2.0-0 2.20.5-1 (squeeze) as well.
- Arand
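
A minimal reproduction of the symptom described in the message above, as an added example that is not part of the original post and is not glib's code. It assumes the mechanism is a copy that applies the link's own lstat() mode with a chmod() that follows the link; the function and file names are hypothetical and the behaviour shown is for Linux.

```python
import os
import stat
import tempfile


def mode_of(path):
    """Permission bits of the file the path resolves to (follows symlinks)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def naive_copy_link(src_link, dst_link):
    """Hypothetical buggy copy: recreate the link, then apply the source's
    lstat() mode with a chmod() that follows the new link to its target."""
    os.symlink(os.readlink(src_link), dst_link)
    link_mode = stat.S_IMODE(os.lstat(src_link).st_mode)  # 0o777 for a symlink on Linux
    os.chmod(dst_link, link_mode)  # follows the link: the target is modified


def safe_copy_link(src_link, dst_link):
    """Recreate the link and never chmod through it."""
    os.symlink(os.readlink(src_link), dst_link)
    # A symlink's own mode is not meaningful on Linux, so nothing is applied.


def demo():
    """Return the target's mode after the safe copy and after the naive copy."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "private.txt")  # constructed sample file
        with open(target, "w") as f:
            f.write("constructed sample data\n")
        os.chmod(target, 0o600)
        link = os.path.join(d, "link")
        os.symlink(target, link)

        safe_copy_link(link, os.path.join(d, "copy_safe"))
        after_safe = mode_of(target)
        naive_copy_link(link, os.path.join(d, "copy_naive"))
        after_naive = mode_of(target)
        return after_safe, after_naive


if __name__ == "__main__":
    safe, naive = demo()
    print(f"target after safe copy:  {safe:o}")
    print(f"target after naive copy: {naive:o}")
```

Running `find DIR -xdev -type f -perm -0002` over directories where symlinks were copied lists regular files that are now world-writable.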
More information about the pkg-gnome-maintainers
mailing list