hal ChangeLog,1.731,1.732
David Zeuthen
david at freedesktop.org
Tue Jan 10 18:44:48 PST 2006
Update of /cvs/hal/hal
In directory gabe:/tmp/cvs-serv10260
Modified Files:
ChangeLog
Log Message:
2006-01-10 David Zeuthen <davidz at redhat.com>
* tools/hal-system-storage-mount: Fix a potential security hole where
the user could pass e.g. umask=`/bin/evil` and thus execute /bin/evil
with root priviliges. Also require /bin/bash instead of just /bin/sh.
Reported by Kay Sievers <kay.sievers at vrfy.org>.
Index: ChangeLog
===================================================================
RCS file: /cvs/hal/hal/ChangeLog,v
retrieving revision 1.731
retrieving revision 1.732
diff -u -d -r1.731 -r1.732
--- ChangeLog 10 Jan 2006 19:03:45 -0000 1.731
+++ ChangeLog 11 Jan 2006 02:44:46 -0000 1.732
@@ -1,3 +1,10 @@
+2006-01-10 David Zeuthen <davidz at redhat.com>
+
+ * tools/hal-system-storage-mount: Fix a potential security hole where
+ the user could pass e.g. umask=`/bin/evil` and thus execute /bin/evil
+ with root priviliges. Also require /bin/bash instead of just /bin/sh.
+ Reported by Kay Sievers <kay.sievers at vrfy.org>.
+
2006-01-08 Richard Hughes <richard at hughsie.com>
* hal.conf.in: Add a fallback for the root user for distros that do
More information about the hal-commit
mailing list