updated ed patch explanation

git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@2421 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
Gerard Beekmans 2003-02-04 02:56:15 +00:00
parent f0fbc9826a
commit e5c5f0191d


@ -8,13 +8,12 @@ because it can be used by the patch program if you encounter an ed-based patch
file. This happens rarely because diff-based patches are preferred these file. This happens rarely because diff-based patches are preferred these
days.</para></note> days.</para></note>
<para>This package requires its patch to be applied before you can <para>Ed uses mktemp to create temporary files in <filename
install it. This patch fixes a symlink vulnerability in class="directory">/tmp</filename>, but this function has a security
<userinput>ed</userinput>. The <userinput>ed</userinput> executable vulnerability (see section on Temporary Files in
creates files in <filename class="directory">/tmp</filename> with <ulink url="http://en.tldp.org/HOWTO/Secure-Programs-HOWTO/avoid-race.html"/>).
predictable names. By using various symlink attacks, it is possible This patch makes Ed use mkstemp instead, which is the recommended way to
to have ed write to files it should not, change the permissions of create temporary files.</para>
files, etc.</para>
<para>Apply the patch:</para> <para>Apply the patch:</para>