[Bug 1924] New: XPM security fixes break writing XPM files with
absolute path names
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Fri Nov 26 01:31:17 PST 2004
Please do not reply to this email: if you want to comment on the bug, go to
the URL shown below and enter yourcomments there.
https://bugs.freedesktop.org/show_bug.cgi?id=1924
Summary: XPM security fixes break writing XPM files with absolute
path names
Product: xorg
Version: unspecified
Platform: PC
URL: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140
815
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Lib/Xpm
AssignedTo: xorg-bugzilla-noise at freedesktop.org
ReportedBy: nphilipp at redhat.com
This bug is https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140815 originally.
The new sanity checks prevent using file names that start with a "/" which along
with other checks wouldn't let you use libXpm to write files that aren't in or
beneath the process's current working directory. Not exactly what you want if
you use it e.g. from the GIMP's xpm load/save plugin.
Altogether, these checks seem to me to have the intention of working around
missing similar checks in calling applications (just a rough guess) but in this
instance I think it's obvious that the fixes have to be done in the applications
themselves to avoid regressions.
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the xorg-bugzilla-noise
mailing list