-
Notifications
You must be signed in to change notification settings - Fork 232
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Work with the file without restriction of rights #439
Comments
@ihsinme you are right! Thank you for reporting this security 🐞! |
dvorka
modified the milestones:
2.4 Performance and stabilization,
2.5 Performance and stabilization
Dec 10, 2021
dvorka
changed the title
work with the file without restriction of rights.
Work with the file without restriction of rights.
Dec 10, 2021
dvorka
changed the title
Work with the file without restriction of rights.
Work with the file without restriction of rights
Dec 12, 2021
dvorka
modified the milestones:
2.6 Performance and stabilization,
2.7 Pipe and pattern editor
Dec 12, 2022
dvorka
modified the milestones:
3.1 Pipe and pattern editor,
3.0 HSTR working w/ and w/o TIOCSTI (Linux kernels >=6.2.0)
Apr 2, 2023
dvorka
modified the milestones:
3.0 HSTR working w/ and w/o TIOCSTI (Linux kernels >=6.2.0),
3.1 Stabilization
Apr 18, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I may be wrong, but I see in your code working with a file without setting permissions. this can lead to a security problem. both by the vector of confidentiality (access to information) and by the vector of accessibility (for example, when using links).
I suggest considering setting limits using
umask (0022);
andchmod (..., 0644);
hstr/src/hstr_blacklist.c
Line 139 in 298379d
hstr/src/hstr_favorites.c
Line 116 in 298379d
The text was updated successfully, but these errors were encountered: